fixed merge conflicts

Naresh Kumar Amrutham 2018-09-10 11:45:47 -07:00
commit 37651c3534
276 changed files with 3721 additions and 3899 deletions

610
Gopkg.lock generated

File diff suppressed because it is too large Load Diff


@ -133,7 +133,7 @@ required = [
revision = "020d11c3b9c0c7a3c2efcc8e5cf5b9ef7bcea21f"
[[override]]
name = "github.com/gophercloud/gophercloud"
revision = "6da026c32e2d622cc242d32984259c77237aefe1"
revision = "f29afc2cceca860199ee88cd355a4d0a37b3fad2"
[[override]]
name = "gopkg.in/warnings.v0"
revision = "8a331561fe74dadba6edfc59f3be66c22c3b065d"


@ -43,6 +43,7 @@ TESTABLE_PACKAGES:=$(shell egrep -v "k8s.io/kops/vendor" hack/.packages)
GOVETABLE_PACKAGES:=$(shell egrep -v "k8s.io/kops/cloudmock|k8s.io/kops/vendor|clientset/fake" hack/.packages)
BAZEL_OPTIONS?=
API_OPTIONS?=
GCFLAGS?=
# See http://stackoverflow.com/questions/18136918/how-to-get-current-relative-directory-of-your-makefile
MAKEDIR:=$(strip $(shell dirname "$(realpath $(lastword $(MAKEFILE_LIST)))"))
@ -53,7 +54,7 @@ unexport KOPS_BASE_URL KOPS_CLUSTER_NAME KOPS_RUN_OBSOLETE_VERSION KOPS_STATE_ST
unexport SKIP_REGION_CHECK S3_ACCESS_KEY_ID S3_ENDPOINT S3_REGION S3_SECRET_ACCESS_KEY VSPHERE_USERNAME VSPHERE_PASSWORD
# Keep in sync with upup/models/cloudup/resources/addons/dns-controller/
DNS_CONTROLLER_TAG=1.10.0-beta.1
DNS_CONTROLLER_TAG=1.10.0
# Keep in sync with logic in get_workspace_status
# TODO: just invoke tools/get_workspace_status.sh?
@ -121,9 +122,14 @@ ifndef SHASUMCMD
$(error "Neither sha1sum nor shasum command is available")
endif
# Set compiler flags to allow binary debugging
ifdef DEBUGGABLE
GCFLAGS=-gcflags "all=-N -l"
endif
.PHONY: kops-install # Install kops to local $GOPATH/bin
kops-install: gobindata-tool ${BINDATA_TARGETS}
go install ${EXTRA_BUILDFLAGS} ${LDFLAGS}"-X k8s.io/kops.Version=${VERSION} -X k8s.io/kops.GitVersion=${GITSHA} ${EXTRA_LDFLAGS}" k8s.io/kops/cmd/kops/
go install ${GCFLAGS} ${EXTRA_BUILDFLAGS} ${LDFLAGS}"-X k8s.io/kops.Version=${VERSION} -X k8s.io/kops.GitVersion=${GITSHA} ${EXTRA_LDFLAGS}" k8s.io/kops/cmd/kops/
.PHONY: channels-install # Install channels to local $GOPATH/bin
channels-install: ${CHANNELS}
@ -174,11 +180,11 @@ kops: ${KOPS}
.PHONY: ${KOPS}
${KOPS}: ${BINDATA_TARGETS}
go build ${EXTRA_BUILDFLAGS} ${LDFLAGS}"-X k8s.io/kops.Version=${VERSION} -X k8s.io/kops.GitVersion=${GITSHA} ${EXTRA_LDFLAGS}" -o $@ k8s.io/kops/cmd/kops/
go build ${GCFLAGS} ${EXTRA_BUILDFLAGS} ${LDFLAGS}"-X k8s.io/kops.Version=${VERSION} -X k8s.io/kops.GitVersion=${GITSHA} ${EXTRA_LDFLAGS}" -o $@ k8s.io/kops/cmd/kops/
${GOBINDATA}:
mkdir -p ${LOCAL}
go build ${EXTRA_BUILDFLAGS} ${LDFLAGS}"${EXTRA_LDFLAGS}" -o $@ k8s.io/kops/vendor/github.com/jteeuwen/go-bindata/go-bindata
go build ${GCFLAGS} ${EXTRA_BUILDFLAGS} ${LDFLAGS}"${EXTRA_LDFLAGS}" -o $@ k8s.io/kops/vendor/github.com/jteeuwen/go-bindata/go-bindata
.PHONY: gobindata-tool
gobindata-tool: ${GOBINDATA}
@ -209,13 +215,13 @@ check-builds-in-go110:
.PHONY: codegen
codegen: kops-gobindata
go install k8s.io/kops/upup/tools/generators/...
PATH=${GOPATH_1ST}/bin:${PATH} go generate k8s.io/kops/upup/pkg/fi/cloudup/awstasks
PATH=${GOPATH_1ST}/bin:${PATH} go generate k8s.io/kops/upup/pkg/fi/cloudup/gcetasks
PATH=${GOPATH_1ST}/bin:${PATH} go generate k8s.io/kops/upup/pkg/fi/cloudup/dotasks
PATH=${GOPATH_1ST}/bin:${PATH} go generate k8s.io/kops/upup/pkg/fi/cloudup/openstacktasks
PATH=${GOPATH_1ST}/bin:${PATH} go generate k8s.io/kops/upup/pkg/fi/cloudup/alitasks
PATH=${GOPATH_1ST}/bin:${PATH} go generate k8s.io/kops/upup/pkg/fi/assettasks
PATH=${GOPATH_1ST}/bin:${PATH} go generate k8s.io/kops/upup/pkg/fi/fitasks
PATH="${GOPATH_1ST}/bin:${PATH}" go generate k8s.io/kops/upup/pkg/fi/cloudup/awstasks
PATH="${GOPATH_1ST}/bin:${PATH}" go generate k8s.io/kops/upup/pkg/fi/cloudup/gcetasks
PATH="${GOPATH_1ST}/bin:${PATH}" go generate k8s.io/kops/upup/pkg/fi/cloudup/dotasks
PATH="${GOPATH_1ST}/bin:${PATH}" go generate k8s.io/kops/upup/pkg/fi/cloudup/openstacktasks
PATH="${GOPATH_1ST}/bin:${PATH}" go generate k8s.io/kops/upup/pkg/fi/cloudup/alitasks
PATH="${GOPATH_1ST}/bin:${PATH}" go generate k8s.io/kops/upup/pkg/fi/assettasks
PATH="${GOPATH_1ST}/bin:${PATH}" go generate k8s.io/kops/upup/pkg/fi/fitasks
.PHONY: protobuf
protobuf:
@ -232,7 +238,7 @@ test: ${BINDATA_TARGETS} # Run tests locally
.PHONY: ${DIST}/linux/amd64/nodeup
${DIST}/linux/amd64/nodeup: ${BINDATA_TARGETS}
mkdir -p ${DIST}
GOOS=linux GOARCH=amd64 go build -a ${EXTRA_BUILDFLAGS} -o $@ ${LDFLAGS}"${EXTRA_LDFLAGS} -X k8s.io/kops.Version=${VERSION} -X k8s.io/kops.GitVersion=${GITSHA}" k8s.io/kops/cmd/nodeup
GOOS=linux GOARCH=amd64 go build ${GCFLAGS} -a ${EXTRA_BUILDFLAGS} -o $@ ${LDFLAGS}"${EXTRA_LDFLAGS} -X k8s.io/kops.Version=${VERSION} -X k8s.io/kops.GitVersion=${GITSHA}" k8s.io/kops/cmd/nodeup
.PHONY: crossbuild-nodeup
crossbuild-nodeup: ${DIST}/linux/amd64/nodeup
@ -246,17 +252,17 @@ crossbuild-nodeup-in-docker:
.PHONY: ${DIST}/darwin/amd64/kops
${DIST}/darwin/amd64/kops: ${BINDATA_TARGETS}
mkdir -p ${DIST}
GOOS=darwin GOARCH=amd64 go build -a ${EXTRA_BUILDFLAGS} -o $@ ${LDFLAGS}"${EXTRA_LDFLAGS} -X k8s.io/kops.Version=${VERSION} -X k8s.io/kops.GitVersion=${GITSHA}" k8s.io/kops/cmd/kops
GOOS=darwin GOARCH=amd64 go build ${GCFLAGS} -a ${EXTRA_BUILDFLAGS} -o $@ ${LDFLAGS}"${EXTRA_LDFLAGS} -X k8s.io/kops.Version=${VERSION} -X k8s.io/kops.GitVersion=${GITSHA}" k8s.io/kops/cmd/kops
.PHONY: ${DIST}/linux/amd64/kops
${DIST}/linux/amd64/kops: ${BINDATA_TARGETS}
mkdir -p ${DIST}
GOOS=linux GOARCH=amd64 go build -a ${EXTRA_BUILDFLAGS} -o $@ ${LDFLAGS}"${EXTRA_LDFLAGS} -X k8s.io/kops.Version=${VERSION} -X k8s.io/kops.GitVersion=${GITSHA}" k8s.io/kops/cmd/kops
GOOS=linux GOARCH=amd64 go build ${GCFLAGS} -a ${EXTRA_BUILDFLAGS} -o $@ ${LDFLAGS}"${EXTRA_LDFLAGS} -X k8s.io/kops.Version=${VERSION} -X k8s.io/kops.GitVersion=${GITSHA}" k8s.io/kops/cmd/kops
.PHONY: ${DIST}/windows/amd64/kops.exe
${DIST}/windows/amd64/kops.exe: ${BINDATA_TARGETS}
mkdir -p ${DIST}
GOOS=windows GOARCH=amd64 go build -a ${EXTRA_BUILDFLAGS} -o $@ ${LDFLAGS}"${EXTRA_LDFLAGS} -X k8s.io/kops.Version=${VERSION} -X k8s.io/kops.GitVersion=${GITSHA}" k8s.io/kops/cmd/kops
GOOS=windows GOARCH=amd64 go build ${GCFLAGS} -a ${EXTRA_BUILDFLAGS} -o $@ ${LDFLAGS}"${EXTRA_LDFLAGS} -X k8s.io/kops.Version=${VERSION} -X k8s.io/kops.GitVersion=${GITSHA}" k8s.io/kops/cmd/kops
.PHONY: crossbuild
@ -376,7 +382,7 @@ push-aws-run: push
.PHONY: ${PROTOKUBE}
${PROTOKUBE}:
go build -o $@ -tags 'peer_name_alternative peer_name_hash' k8s.io/kops/protokube/cmd/protokube
go build ${GCFLAGS} -o $@ -tags 'peer_name_alternative peer_name_hash' k8s.io/kops/protokube/cmd/protokube
.PHONY: protokube
protokube: ${PROTOKUBE}
@ -412,7 +418,7 @@ nodeup: ${NODEUP}
.PHONY: ${NODEUP}
${NODEUP}: ${BINDATA_TARGETS}
go build ${EXTRA_BUILDFLAGS} ${LDFLAGS}"${EXTRA_LDFLAGS} -X k8s.io/kops.Version=${VERSION} -X k8s.io/kops.GitVersion=${GITSHA}" -o $@ k8s.io/kops/cmd/nodeup
go build ${GCFLAGS} ${EXTRA_BUILDFLAGS} ${LDFLAGS}"${EXTRA_LDFLAGS} -X k8s.io/kops.Version=${VERSION} -X k8s.io/kops.GitVersion=${GITSHA}" -o $@ k8s.io/kops/cmd/nodeup
.PHONY: nodeup-dist
nodeup-dist:
@ -426,7 +432,7 @@ nodeup-dist:
.PHONY: dns-controller-gocode
dns-controller-gocode:
go install -tags 'peer_name_alternative peer_name_hash' ${LDFLAGS}"${EXTRA_LDFLAGS} -X main.BuildVersion=${DNS_CONTROLLER_TAG}" k8s.io/kops/dns-controller/cmd/dns-controller
go install ${GCFLAGS} -tags 'peer_name_alternative peer_name_hash' ${LDFLAGS}"${EXTRA_LDFLAGS} -X main.BuildVersion=${DNS_CONTROLLER_TAG}" k8s.io/kops/dns-controller/cmd/dns-controller
.PHONY: dns-controller-builder-image
dns-controller-builder-image:
@ -459,14 +465,21 @@ utils-dist:
.PHONY: dep-prereqs
dep-prereqs:
(which hg > /dev/null) || (echo "dep requires that mercurial is installed"; exit 1)
(which dep > /dev/null) || (echo "dep-ensure requires that dep is installed"; exit 1)
(which bazel > /dev/null) || (echo "dep-ensure requires that bazel is installed"; exit 1)
.PHONY: dep-ensure
dep-ensure: dep-prereqs
dep ensure -v
# Switch weavemesh to use peer_name_hash - bazel rule-go doesn't support build tags yet
rm vendor/github.com/weaveworks/mesh/peer_name_mac.go
sed -i -e 's/peer_name_hash/!peer_name_mac/g' vendor/github.com/weaveworks/mesh/peer_name_hash.go
# Remove all bazel build files that were vendored and regenerate (we assume they are go-gettable)
find vendor/ -name "BUILD" -delete
find vendor/ -name "BUILD.bazel" -delete
bazel run //:gazelle -- -proto disable
.PHONY: gofmt
gofmt:
gofmt -w -s channels/
@ -511,12 +524,16 @@ verify-gofmt:
verify-packages: ${BINDATA_TARGETS}
hack/verify-packages.sh
# find release notes, remove PR titles and output the rest to .build, then run misspell on all files
.PHONY: verify-misspelling
verify-misspelling:
@which misspell 2>/dev/null ; if [ $$? -eq 1 ]; then \
go get -u github.com/client9/misspell/cmd/misspell; \
fi
@find . -type f \( -name "*.go*" -o -name "*.md*" \) -a \( -not -path "./vendor/*" -not -path "./_vendor/*" \) | \
@mkdir -p .build/docs
@find . -type f \( -name "*.go*" -o -name "*.md*" \) -a -path "./docs/releases/*" -exec basename {} \; | \
xargs -I{} sh -c 'sed -e "/^\* .*github.com\/kubernetes\/kops\/pull/d" docs/releases/{} > .build/docs/$(basename {})'
@find . -type f \( -name "*.go*" -o -name "*.md*" \) -a \( -not -path "./vendor/*" -not -path "./_vendor/*" -not -path "./docs/releases/*" \) | \
sed -e /README-ES.md/d -e /node_modules/d | \
xargs misspell -error
@ -556,7 +573,7 @@ channels: ${CHANNELS}
.PHONY: ${CHANNELS}
${CHANNELS}:
go build ${EXTRA_BUILDFLAGS} -o $@ ${LDFLAGS}"-X k8s.io/kops.Version=${VERSION} ${EXTRA_LDFLAGS}" k8s.io/kops/channels/cmd/channels
go build ${GCFLAGS} ${EXTRA_BUILDFLAGS} -o $@ ${LDFLAGS}"-X k8s.io/kops.Version=${VERSION} ${EXTRA_LDFLAGS}" k8s.io/kops/channels/cmd/channels
# --------------------------------------------------
# release tasks
@ -615,7 +632,7 @@ verify-apimachinery:
.PHONY: kops-server-docker-compile
kops-server-docker-compile:
GOOS=linux GOARCH=amd64 go build -a ${EXTRA_BUILDFLAGS} -o ${DIST}/linux/amd64/kops-server ${LDFLAGS}"${EXTRA_LDFLAGS} -X k8s.io/kops-server.Version=${VERSION} -X k8s.io/kops-server.GitVersion=${GITSHA}" k8s.io/kops/cmd/kops-server
GOOS=linux GOARCH=amd64 go build ${GCFLAGS} -a ${EXTRA_BUILDFLAGS} -o ${DIST}/linux/amd64/kops-server ${LDFLAGS}"${EXTRA_LDFLAGS} -X k8s.io/kops-server.Version=${VERSION} -X k8s.io/kops-server.GitVersion=${GITSHA}" k8s.io/kops/cmd/kops-server
.PHONY: kops-server-build
kops-server-build:
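Review bot: In the new `verify-misspelling` recipe, `xargs -I{}` substitutes each release-note filename directly into the `sh -c` command string, so a name containing spaces or shell metacharacters is parsed as shell syntax rather than as a path. In addition, `$(basename {})` is expanded by make's own `basename` function, not by the shell. Passing the name as a positional argument keeps it as data: `xargs -I{} sh -c 'sed -e "/^\* .*github.com\/kubernetes\/kops\/pull/d" "docs/releases/$$1" > ".build/docs/$$1"' _ {}`. Separately, the guard added earlier in this file is `ifdef DEBUGGABLE`, while the development notes changed in the same commit tell users to pass `DEBUGGING=true`, so the documented invocation would leave `GCFLAGS` empty. One of the two names should change.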

1
OWNERS

@ -8,3 +8,4 @@ approvers:
- mikesplain
reviewers:
- robinpercy
- chrisz100


@ -84,12 +84,13 @@ Kubernetes version.
#### Compatibility Matrix
| kops version | k8s 1.5.x | k8s 1.6.x | k8s 1.7.x | k8s 1.8.x | k8s 1.9.x |
|--------------|-----------|-----------|-----------|-----------|-----------|
| 1.9.x | Y | Y | Y | Y | Y |
| 1.8.x | Y | Y | Y | Y | N |
| 1.7.x | Y | Y | Y | N | N |
| 1.6.x | Y | Y | N | N | N |
| kops version | k8s 1.5.x | k8s 1.6.x | k8s 1.7.x | k8s 1.8.x | k8s 1.9.x | k8s 1.10.x |
|--------------|-----------|-----------|-----------|-----------|-----------|------------|
| 1.10.x | Y | Y | Y | Y | Y | Y |
| 1.9.x | Y | Y | Y | Y | Y | N |
| 1.8.x | Y | Y | Y | Y | N | N |
| 1.7.x | Y | Y | Y | N | N | N |
| 1.6.x | Y | Y | N | N | N | N |
Use the latest version of kops for all releases of Kubernetes, with the caveat
that higher versions of Kubernetes are not _officially_ supported by kops.


@ -12,3 +12,4 @@
justinsb
chrislovecnm
geojaz


@ -73,14 +73,14 @@ EOF
ASG_POLICY_NAME=aws-cluster-autoscaler
unset TESTOUTPUT
TESTOUTPUT=$(aws iam list-policies | jq -r '.Policies[] | select(.PolicyName == "aws-cluster-autoscaler") | .Arn')
TESTOUTPUT=$(aws iam list-policies --output json | jq -r '.Policies[] | select(.PolicyName == "aws-cluster-autoscaler") | .Arn')
if [[ $? -eq 0 && -n "$TESTOUTPUT" ]]
then
printf " ✅ Policy already exists\n"
ASG_POLICY_ARN=$TESTOUTPUT
else
printf " ✅ Policy does not yet exist, creating now.\n"
ASG_POLICY=$(aws iam create-policy --policy-name $ASG_POLICY_NAME --policy-document file://asg-policy.json)
ASG_POLICY=$(aws iam create-policy --policy-name $ASG_POLICY_NAME --policy-document file://asg-policy.json --output json)
ASG_POLICY_ARN=$(echo $ASG_POLICY | jq -r '.Policy.Arn')
printf " ✅ \n"
fi
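Review bot: The `create-policy` branch never checks that the call succeeded: if `aws iam create-policy` fails, `jq -r '.Policy.Arn'` yields an empty string (or `null` on unexpected JSON), `ASG_POLICY_ARN` is left unusable and the script still prints the success mark. I would quote the expansions and stop on an empty result, e.g. `ASG_POLICY_ARN=$(echo "$ASG_POLICY" | jq -r '.Policy.Arn')` followed by `[[ -n "$ASG_POLICY_ARN" && "$ASG_POLICY_ARN" != "null" ]] || { echo "policy creation failed" >&2; exit 1; }`. The `$?` test in the existing-policy branch likewise reflects only `jq`, the last command of the pipeline, unless `pipefail` is set outside this hunk. The rest of the script is outside the hunk, so how the ARN is consumed afterwards is not visible here.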


@ -1,4 +1,14 @@
## Deployment
### AWS
```
kubectl apply -f https://raw.githubusercontent.com/kubernetes/kops/master/addons/ingress-nginx/v1.6.0.yaml
```
### GCE
```
kubectl apply -f https://raw.githubusercontent.com/kubernetes/kops/master/addons/ingress-nginx/v1.6.0-gce.yaml
```
## Creating a simple ingress


@ -194,7 +194,7 @@ spec:
terminationGracePeriodSeconds: 60
containers:
- name: default-http-backend
image: k8s.gcr.io/defaultbackend:1.3
image: k8s.gcr.io/defaultbackend:1.4
livenessProbe:
httpGet:
path: /healthz
@ -236,6 +236,8 @@ metadata:
labels:
k8s-addon: ingress-nginx.addons.k8s.io
spec:
# Forces nodes without Service endpoints to remove themselves from the list of nodes eligible. See https://kubernetes.io/docs/tutorials/services/source-ip/#source-ip-for-services-with-type-loadbalancer
externalTrafficPolicy: Local
type: LoadBalancer
selector:
app: ingress-nginx
@ -272,7 +274,7 @@ spec:
terminationGracePeriodSeconds: 60
serviceAccountName: nginx-ingress-controller
containers:
- image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.12.0
- image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.18.0
name: nginx-ingress-controller
imagePullPolicy: Always
ports:
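Review bot: Both bumped images are still referenced by tag only, and the controller container keeps `imagePullPolicy: Always`, so every pod restart pulls whatever `0.18.0` resolves to in the registry at that moment rather than the image that was reviewed. Pinning the digest alongside the tag, `image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.18.0@sha256:<digest-of-reviewed-image>`, makes the manifest reproducible; the same applies to `k8s.gcr.io/defaultbackend:1.4` and to the identical bumps in the other ingress-nginx manifest changed in this commit. It would also help to split the long comment above `externalTrafficPolicy: Local` and state the trade-off it brings: traffic is delivered only to nodes running a controller pod, and the client source IP is preserved.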


@ -194,7 +194,7 @@ spec:
terminationGracePeriodSeconds: 60
containers:
- name: default-http-backend
image: k8s.gcr.io/defaultbackend:1.3
image: k8s.gcr.io/defaultbackend:1.4
livenessProbe:
httpGet:
path: /healthz
@ -236,7 +236,10 @@ metadata:
labels:
k8s-addon: ingress-nginx.addons.k8s.io
annotations:
# Enable PROXY protocol
service.beta.kubernetes.io/aws-load-balancer-proxy-protocol: '*'
# Increase the ELB idle timeout to avoid issues with WebSockets or Server-Sent Events.
service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout: '3600'
spec:
type: LoadBalancer
selector:
@ -274,7 +277,7 @@ spec:
terminationGracePeriodSeconds: 60
serviceAccountName: nginx-ingress-controller
containers:
- image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.12.0
- image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.18.0
name: nginx-ingress-controller
imagePullPolicy: Always
ports:


@ -3,7 +3,7 @@
[Kube AWS Ingress Controller](https://github.com/zalando-incubator/kubernetes-on-aws)
creates AWS Application Load Balancer (ALB) that is used to terminate TLS connections and use
[AWS Certificate Manager (ACM)](https://aws.amazon.com/certificate-manager/) or
[AWS Identity and Access Management (IAM)](http://docs.aws.amazon.com/IAM/latest/APIReference/Welcome.html)
[AWS Identity and Access Management (IAM)](https://docs.aws.amazon.com/IAM/latest/APIReference/Welcome.html)
certificates. ALBs are used to route traffic to an Ingress http router for example
[skipper](https://github.com/zalando/skipper/), which routes
traffic to Kubernetes services and implements


@ -45,4 +45,9 @@ spec:
kubernetesVersion: ">=1.8.0"
selector:
k8s-addon: kubernetes-dashboard.addons.k8s.io
manifest: v1.8.3.yaml
manifest: v1.8.3.yaml
- version: 1.10.0
kubernetesVersion: ">=1.10.0"
selector:
k8s-addon: kubernetes-dashboard.addons.k8s.io
manifest: v1.10.0.yaml


@ -0,0 +1,167 @@
# Copyright 2017 The Kubernetes Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Configuration to deploy release version of the Dashboard UI compatible with
# Kubernetes 1.10.
#
# Example usage: kubectl create -f <this_file>
# ------------------- Dashboard Secret ------------------- #
apiVersion: v1
kind: Secret
metadata:
labels:
k8s-app: kubernetes-dashboard
name: kubernetes-dashboard-certs
namespace: kube-system
type: Opaque
---
# ------------------- Dashboard Service Account ------------------- #
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
k8s-app: kubernetes-dashboard
name: kubernetes-dashboard
namespace: kube-system
---
# ------------------- Dashboard Role & Role Binding ------------------- #
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: kubernetes-dashboard-minimal
namespace: kube-system
rules:
# Allow Dashboard to create 'kubernetes-dashboard-key-holder' secret.
- apiGroups: [""]
resources: ["secrets"]
verbs: ["create"]
# Allow Dashboard to create 'kubernetes-dashboard-settings' config map.
- apiGroups: [""]
resources: ["configmaps"]
verbs: ["create"]
# Allow Dashboard to get, update and delete Dashboard exclusive secrets.
- apiGroups: [""]
resources: ["secrets"]
resourceNames: ["kubernetes-dashboard-key-holder", "kubernetes-dashboard-certs"]
verbs: ["get", "update", "delete"]
# Allow Dashboard to get and update 'kubernetes-dashboard-settings' config map.
- apiGroups: [""]
resources: ["configmaps"]
resourceNames: ["kubernetes-dashboard-settings"]
verbs: ["get", "update"]
# Allow Dashboard to get metrics from heapster.
- apiGroups: [""]
resources: ["services"]
resourceNames: ["heapster"]
verbs: ["proxy"]
- apiGroups: [""]
resources: ["services/proxy"]
resourceNames: ["heapster", "http:heapster:", "https:heapster:"]
verbs: ["get"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: kubernetes-dashboard-minimal
namespace: kube-system
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: kubernetes-dashboard-minimal
subjects:
- kind: ServiceAccount
name: kubernetes-dashboard
namespace: kube-system
---
# ------------------- Dashboard Deployment ------------------- #
kind: Deployment
apiVersion: apps/v1beta2
metadata:
labels:
k8s-app: kubernetes-dashboard
name: kubernetes-dashboard
namespace: kube-system
spec:
replicas: 1
revisionHistoryLimit: 10
selector:
matchLabels:
k8s-app: kubernetes-dashboard
template:
metadata:
labels:
k8s-app: kubernetes-dashboard
spec:
containers:
- name: kubernetes-dashboard
image: k8s.gcr.io/kubernetes-dashboard-amd64:v1.10.0
ports:
- containerPort: 8443
protocol: TCP
args:
- --auto-generate-certificates
# Uncomment the following line to manually specify Kubernetes API server Host
# If not specified, Dashboard will attempt to auto discover the API server and connect
# to it. Uncomment only if the default does not work.
# - --apiserver-host=http://my-address:port
volumeMounts:
- name: kubernetes-dashboard-certs
mountPath: /certs
# Create on-disk volume to store exec logs
- mountPath: /tmp
name: tmp-volume
livenessProbe:
httpGet:
scheme: HTTPS
path: /
port: 8443
initialDelaySeconds: 30
timeoutSeconds: 30
volumes:
- name: kubernetes-dashboard-certs
secret:
secretName: kubernetes-dashboard-certs
- name: tmp-volume
emptyDir: {}
serviceAccountName: kubernetes-dashboard
# Comment the following tolerations if Dashboard must not be deployed on master
tolerations:
- key: node-role.kubernetes.io/master
effect: NoSchedule
---
# ------------------- Dashboard Service ------------------- #
kind: Service
apiVersion: v1
metadata:
labels:
k8s-app: kubernetes-dashboard
name: kubernetes-dashboard
namespace: kube-system
spec:
ports:
- port: 443
targetPort: 8443
selector:
k8s-app: kubernetes-dashboard
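Review bot: The `kubernetes-dashboard` container in the Deployment is declared without a `securityContext` or `resources` block, while the pod tolerates `node-role.kubernetes.io/master` and may therefore be scheduled onto master nodes. I would add at least `securityContext: {allowPrivilegeEscalation: false}` plus CPU/memory requests and limits on that container; `readOnlyRootFilesystem: true` looks feasible because `/tmp` and `/certs` are already volume mounts, but that needs to be confirmed against the 1.10.0 image. A short comment next to the Role's `create` rule on `secrets` would also be useful, noting that `create` cannot be limited by `resourceNames`, so the service account can create any Secret in `kube-system` and not only `kubernetes-dashboard-key-holder`.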


@ -11,8 +11,8 @@ kubectl apply -f https://raw.githubusercontent.com/kubernetes/kops/master/addons
```
### Updating the addon
Run the script bellow.
Run the script below.
```console
addons/prometheus-operator/sync-repo.sh "v0.19.0"
```
```


@ -4,41 +4,44 @@ spec:
- name: kope.io/k8s-1.4-debian-jessie-amd64-hvm-ebs-2017-07-28
providerID: aws
kubernetesVersion: ">=1.4.0 <1.5.0"
- name: kope.io/k8s-1.5-debian-jessie-amd64-hvm-ebs-2018-05-27
- name: kope.io/k8s-1.5-debian-jessie-amd64-hvm-ebs-2018-08-17
providerID: aws
kubernetesVersion: ">=1.5.0 <1.6.0"
- name: kope.io/k8s-1.6-debian-jessie-amd64-hvm-ebs-2018-05-27
- name: kope.io/k8s-1.6-debian-jessie-amd64-hvm-ebs-2018-08-17
providerID: aws
kubernetesVersion: ">=1.6.0 <1.7.0"
- name: kope.io/k8s-1.7-debian-jessie-amd64-hvm-ebs-2018-05-27
- name: kope.io/k8s-1.7-debian-jessie-amd64-hvm-ebs-2018-08-17
providerID: aws
kubernetesVersion: ">=1.7.0 <1.8.0"
- name: kope.io/k8s-1.8-debian-jessie-amd64-hvm-ebs-2018-05-27
- name: kope.io/k8s-1.8-debian-jessie-amd64-hvm-ebs-2018-08-17
providerID: aws
kubernetesVersion: ">=1.8.0 <1.9.0"
- name: kope.io/k8s-1.9-debian-jessie-amd64-hvm-ebs-2018-05-27
- name: kope.io/k8s-1.9-debian-jessie-amd64-hvm-ebs-2018-08-17
providerID: aws
kubernetesVersion: ">=1.9.0 <1.10.0"
# Need stretch as default in 1.10 (for nvme)
# BUT... this is causing the submit queue to block, so back to jessie temporarily: https://github.com/kubernetes/kubernetes/issues/56763
- name: kope.io/k8s-1.10-debian-jessie-amd64-hvm-ebs-2018-05-27
- name: kope.io/k8s-1.10-debian-jessie-amd64-hvm-ebs-2018-08-17
providerID: aws
kubernetesVersion: ">=1.10.0 <1.11.0"
- name: kope.io/k8s-1.11-debian-jessie-amd64-hvm-ebs-2018-05-27
- name: kope.io/k8s-1.11-debian-jessie-amd64-hvm-ebs-2018-08-17
providerID: aws
kubernetesVersion: ">=1.11.0"
- providerID: gce
name: "cos-cloud/cos-stable-60-9592-90-0"
name: "cos-cloud/cos-stable-65-10323-99-0"
cluster:
kubernetesVersion: v1.5.8
networking:
kubenet: {}
kubernetesVersions:
- range: ">=1.11.0"
recommendedVersion: 1.11.2
requiredVersion: 1.11.0
- range: ">=1.10.0"
recommendedVersion: 1.10.5
recommendedVersion: 1.10.6
requiredVersion: 1.10.0
- range: ">=1.9.0"
recommendedVersion: 1.9.9
recommendedVersion: 1.9.10
requiredVersion: 1.9.0
- range: ">=1.8.0"
recommendedVersion: 1.8.15
@ -56,18 +59,22 @@ spec:
recommendedVersion: 1.4.12
requiredVersion: 1.4.2
kopsVersions:
- range: ">=1.10.0-alpha.1"
recommendedVersion: "1.10.0-beta.1"
- range: ">=1.11.0-alpha.1"
#recommendedVersion: "1.10.0"
#requiredVersion: 1.10.0
kubernetesVersion: 1.10.3
kubernetesVersion: 1.11.2
- range: ">=1.10.0-alpha.1"
recommendedVersion: "1.10.0"
#requiredVersion: 1.10.0
kubernetesVersion: 1.10.6
- range: ">=1.9.0-alpha.1"
recommendedVersion: 1.9.2
#requiredVersion: 1.9.0
kubernetesVersion: 1.9.8
kubernetesVersion: 1.9.10
- range: ">=1.8.0-alpha.1"
recommendedVersion: 1.8.1
requiredVersion: 1.7.1
kubernetesVersion: 1.8.13
kubernetesVersion: 1.8.15
- range: ">=1.7.0-alpha.1"
recommendedVersion: 1.8.1
requiredVersion: 1.7.1


@ -32,13 +32,13 @@ spec:
kubenet: {}
kubernetesVersions:
- range: ">=1.10.0"
recommendedVersion: 1.10.3
recommendedVersion: 1.10.5
requiredVersion: 1.10.0
- range: ">=1.9.0"
recommendedVersion: 1.9.8
recommendedVersion: 1.9.9
requiredVersion: 1.9.0
- range: ">=1.8.0"
recommendedVersion: 1.8.13
recommendedVersion: 1.8.15
requiredVersion: 1.8.0
- range: ">=1.7.0"
recommendedVersion: 1.7.16
@ -54,11 +54,11 @@ spec:
requiredVersion: 1.4.2
kopsVersions:
- range: ">=1.10.0-alpha.1"
recommendedVersion: "1.10.0-beta.1"
recommendedVersion: "1.10.0"
#requiredVersion: 1.10.0
kubernetesVersion: 1.10.3
- range: ">=1.9.0-alpha.1"
recommendedVersion: 1.9.0
recommendedVersion: 1.9.2
#requiredVersion: 1.9.0
kubernetesVersion: 1.9.8
- range: ">=1.8.0-alpha.1"


@ -108,6 +108,8 @@ func TestLifecyclePrivateSharedSubnet(t *testing.T) {
func runLifecycleTest(h *testutils.IntegrationTestHarness, o *LifecycleTestOptions, cloud *awsup.MockAWSCloud) {
t := o.t
t.Logf("running lifecycle test for cluster %s", o.ClusterName)
var stdout bytes.Buffer
inputYAML := "in-" + o.Version + ".yaml"
@ -217,6 +219,9 @@ func runLifecycleTest(h *testutils.IntegrationTestHarness, o *LifecycleTestOptio
if ownership != expect {
t.Errorf("unexpected kubernetes.io/cluster/ tag on %q: actual=%q expected=%q", id, ownership, expect)
}
if legacy != "" {
t.Errorf("added (legacy) KubernetesCluster tag on %q, but it is shared", id)
}
} else {
switch resource {
case "ami":


@ -181,7 +181,7 @@ func main() {
// initializeWatchers is responsible for creating the watchers
func initializeWatchers(client kubernetes.Interface, dnsctl *dns.DNSController, namespace string, watchIngress bool) error {
glog.V(1).Info("initializing the watch controllers, namespace: %q", namespace)
glog.V(1).Infof("initializing the watch controllers, namespace: %q", namespace)
nodeController, err := watchers.NewNodeController(client, dnsctl)
if err != nil {


@ -600,7 +600,7 @@ func (s *DNSControllerScope) Replace(recordName string, records []Record) {
delete(s.Records, recordName)
} else {
if recordsSliceEquals(existing, records) {
glog.V(6).Infof("skipping spurious update of record %s/%s=%s", s.ScopeName, recordName, records)
glog.V(6).Infof("skipping spurious update of record %s/%s=%+v", s.ScopeName, recordName, records)
return
}


@ -37,7 +37,7 @@ type Route53API interface {
}
// Route53APIStub is a minimal implementation of Route53API, used primarily for unit testing.
// See http://http://docs.aws.amazon.com/sdk-for-go/api/service/route53.html for descriptions
// See https://docs.aws.amazon.com/sdk-for-go/api/service/route53/
// of all of its methods.
type Route53APIStub struct {
zones map[string]*route53.HostedZone


@ -95,7 +95,7 @@ require('http').createServer(function (request, response) {
}).listen(8080);
```
More on intercepting errors bellow.
More on intercepting errors below.
### Intercepting errors & Listening #


@ -76,6 +76,22 @@ etcdClusters:
> __Note:__ The images for etcd that kops uses are from the Google Cloud Repository. Google doesn't release every version of etcd to the gcr. Check that the version of etcd you want to use is available [at the gcr](https://console.cloud.google.com/gcr/images/google-containers/GLOBAL/etcd?gcrImageListsize=50) before using it in your cluster spec.
By default, the Volumes created for the etcd clusters are 20GB each. They can be adjusted via the `volumeSize` parameter.
```yaml
etcdClusters:
- etcdMembers:
- instanceGroup: master-us-east-1a
name: a
volumeSize: 5
name: main
- etcdMembers:
- instanceGroup: master-us-east-1a
name: a
volumeSize: 5
name: events
```
### sshAccess
This array configures the CIDRs that are able to ssh into nodes. On AWS this is manifested as inbound security group rules on the `nodes` and `master` security groups.
@ -464,13 +480,13 @@ spec:
### fileAssets
FileAssets is an alpha feature which permits you to place inline file content into the cluster and instanceGroup specification. It's desiginated as alpha as you can probably do this via kubernetes daemonsets as an alternative.
FileAssets is an alpha feature which permits you to place inline file content into the cluster and instanceGroup specification. It's designated as alpha as you can probably do this via kubernetes daemonsets as an alternative.
```yaml
spec:
fileAssets:
- name: iptable-restore
# Note if not path is specificied the default path it /srv/kubernetes/assets/<name>
# Note if not path is specified the default path it /srv/kubernetes/assets/<name>
path: /var/lib/iptables/rules-save
roles: [Master,Node,Bastion] # a list of roles to apply the asset to, zero defaults to all
content: |


@ -27,6 +27,22 @@ make
Cross compiling for things like `nodeup` are now done automatically via `make nodeup`. `make push-aws-run TARGET=admin@$TARGET` will automatically choose the linux amd64 build from your `.build` directory.
## Debugging
To enable interactive debugging, the kops binary needs to be specially compiled to include debugging symbols.
Add `DEBUGGING=true` to the `make` invocation to set the compile flags appropriately.
For example, `DEBUGGING=true make` will produce a kops binary that can be interactively debugged.
### Interactive debugging with Delve
[Delve](https://github.com/derekparker/delve) can be used to interactively debug the kops binary.
After installing Delve, you can use it directly, or run it in headless mode for use with an
Interactive Development Environment (IDE).
For example, run `dlv --listen=:2345 --headless=true --api-version=2 exec ${GOPATH}/bin/kops -- <kops command>`,
and then configure your IDE to connect its debugger to port 2345 on localhost.
## Troubleshooting
- Make sure `$GOPATH` is set, and your [workspace](https://golang.org/doc/code.html#Workspaces) is configured.


@ -0,0 +1,27 @@
# Vendoring Go dependencies
kops uses [dep](https://github.com/golang/dep) to manage vendored
dependencies.
## Prerequisites
The following software must be installed prior to running the
update commands:
* [bazel](https://github.com/bazelbuild/bazel)
* [dep](https://github.com/golang/dep)
* [hg](https://www.mercurial-scm.org/wiki/Download)
## Adding a dependency to the vendor directory
The `dep` tool will manage required dependencies based on the imports
found in the source code. Follow these steps to run the update process:
1. Add the desired import to a `.go` file.
1. Run `make dep-ensure` to start the update process. If this step is
successful, the imported dependency will be added to the `vendor`
subdirectory.
1. Commit any changes, including changes to the `vendor` directory,
`Gopkg.lock` and `Gopkg.toml`.
1. Open a pull request with these changes separately from other work
so that it is easier to review.


@ -13,3 +13,4 @@ The following experimental features are currently available:
* `+EnableExternalCloudController` - Enables the use of cloud-controller-manager introduced in v1.7.
* `+EnableSeparateConfigBase` - Allow a config-base that is different from the state store.
* `+SpecOverrideFlag` - Allow setting spec values on `kops create`.
* `+ExperimentalClusterDNS` - Turns off validation of the kubelet cluster dns flag.


@ -131,7 +131,7 @@ So the procedure is:
## Moving from one instance group spanning multiple AZs to one instance group per AZ
It may be beneficial to have one IG per AZ rather than one IG spanning multiple AZs. One common example is, when you have a persistent volume claim bound to an AWS EBS Volume this volume is bound to the AZ it has been created in so any resource (e.g. a StatefulSet) depending on that volume is bound to that same AZ. In this case you have to ensure that there is at least one node running in that same AZ, which is not guaruanteed by one IG. This however can be guarantueed by one IG per AZ.
It may be beneficial to have one IG per AZ rather than one IG spanning multiple AZs. One common example is, when you have a persistent volume claim bound to an AWS EBS Volume this volume is bound to the AZ it has been created in so any resource (e.g. a StatefulSet) depending on that volume is bound to that same AZ. In this case you have to ensure that there is at least one node running in that same AZ, which is not guaranteed by one IG. This however can be guaranteed by one IG per AZ.
So the procedure is:
@ -242,7 +242,7 @@ spec:
## Additional user-data for cloud-init
Kops utilizes cloud-init to initialize and setup a host at boot time. However in certain cases you may already be leaveraging certain features of cloud-init in your infrastructure and would like to continue doing so. More information on cloud-init can be found [here](http://cloudinit.readthedocs.io/en/latest/)
Kops utilizes cloud-init to initialize and setup a host at boot time. However in certain cases you may already be leveraging certain features of cloud-init in your infrastructure and would like to continue doing so. More information on cloud-init can be found [here](http://cloudinit.readthedocs.io/en/latest/)
Additional user-user data can be passed to the host provisioning by setting the `AdditionalUserData` field. A list of valid user-data content-types can be found [here](http://cloudinit.readthedocs.io/en/latest/topics/format.html#mime-multi-part-archive)


@ -305,7 +305,7 @@ The `ClusterSpec` allows a user to set configurations for such values as Docker
More information about some of the elements in the `ClusterSpec` is available in the following:
- Cluster Spec [document](cluster_spec.md) which outlines some of the values in the Cluster Specification.
- [Ectd Encryption](etcd_backup.md)
- [Etcd Encryption](etcd_backup.md)
- [GPU](gpu.md) setup
- [IAM Roles](iam_roles.md) - adding additional IAM roles.
- [Labels](labels.md)


@ -252,7 +252,7 @@ For support with Flannel you can submit an issue on Github:
### Kube-router example for CNI, IPVS based service proxy and Network Policy enforcer
[Kube-router](https://github.com/cloudnativelabs/kube-router) is project that provides one cohesive soltion that provides CNI networking for pods, an IPVS based network service proxy and iptables based network policy enforcement.
[Kube-router](https://github.com/cloudnativelabs/kube-router) is project that provides one cohesive solution that provides CNI networking for pods, an IPVS based network service proxy and iptables based network policy enforcement.
#### Installing kube-router on a new Cluster


@ -11,7 +11,7 @@ The [node authorization service] is an experimental service which in the absence
#### **Integretion with Kops**
The node authorization service is run on the master as a daemonset, by default dns is _node-authorizer-interanl.dns_zone_:10443 and added via same mechanism at the internal kube-apiserver i.e. annotations on the kube-apiserver pods which is picked up the dns-controller and added to the dns zone.
The node authorization service is run on the master as a daemonset, by default dns is _node-authorizer-internal.dns_zone_:10443 and added via same mechanism at the internal kube-apiserver i.e. annotations on the kube-apiserver pods which is picked up the dns-controller and added to the dns zone.
When the node authorization service is enabled a systemd _(node-authorizer.service)_ unit is added on the worker nodes. This runs the node-authorizer in client mode and connects to the authorization service requesting a bootstrap token.
@ -29,7 +29,7 @@ The node authorizer currently supports two authorizers; aws and alwaysallow. The
- we check the ip address of the client requesting the document is the same the instance document.
- we check that the node has not already registered.
Assuming all the conditions are met a secret token is generated and returned to the client to continue the provising of the worker node.
Assuming all the conditions are met a secret token is generated and returned to the client to continue the providing of the worker node.
#### **Enabling the Node Authorization Service**


@ -5,7 +5,7 @@
* A majority of maintainers must agree on a single commit SHA for the release. The agreement should be documented in the release notes.
* The maintainers will match the commit SHA to the release `major.minor.patch` in the release notes
* The maintainers will agree on a changelog proposal that MUST be in a PR prior to the release.
* The main `REAMDE.md` must also reflect the new release. Ideally this should be in the same PR.
* The main `README.md` must also reflect the new release. Ideally this should be in the same PR.
#### 2. Merge the release notes


@ -10,9 +10,284 @@ None known at this time
# Highlighted changes
(to follow)
(coming soon)
# Full change list
# Full change list since 1.9.0 release
(to follow)
## 1.9.0 - 1.10.0
* Update alpha channel with latest k8s releases [@justinsb](https://github.com/justinsb) [#4965](https://github.com/kubernetes/kops/pull/4965)
* 1.9.0 release notes [@justinsb](https://github.com/justinsb) [#4964](https://github.com/kubernetes/kops/pull/4964)
* digitalocean tutorial [@andrewsykim](https://github.com/andrewsykim) [#4976](https://github.com/kubernetes/kops/pull/4976)
* Update roadmap [@justinsb](https://github.com/justinsb) [#4966](https://github.com/kubernetes/kops/pull/4966)
* digitalocean: use new droplet sizes providing the same resources at cheaper prices [@andrewsykim](https://github.com/andrewsykim) [#5005](https://github.com/kubernetes/kops/pull/5005)
* Set AWS_REGION into bootstrapscript [@justinsb](https://github.com/justinsb) [#4982](https://github.com/kubernetes/kops/pull/4982)
* digitalocean: only delete A DNS records [@andrewsykim](https://github.com/andrewsykim) [#5006](https://github.com/kubernetes/kops/pull/5006)
* AWS: validate region against aws-sdk [@justinsb](https://github.com/justinsb) [#4983](https://github.com/kubernetes/kops/pull/4983)
* Treat Amazon Linux 2 as CentOS 7 [@sonaltr](https://github.com/sonaltr) [#5028](https://github.com/kubernetes/kops/pull/5028)
* Update bazel [@mikesplain](https://github.com/mikesplain) [#5032](https://github.com/kubernetes/kops/pull/5032)
* Add missing google cloud zones [@povilasv](https://github.com/povilasv) [#5022](https://github.com/kubernetes/kops/pull/5022)
* Update generated docs for 1.10 [@justinsb](https://github.com/justinsb) [#5034](https://github.com/kubernetes/kops/pull/5034)
* gazelle: use separate gazelle [@justinsb](https://github.com/justinsb) [#5036](https://github.com/kubernetes/kops/pull/5036)
* Bump recommended version for kops 1.9.0 [@mikesplain](https://github.com/mikesplain) [#5041](https://github.com/kubernetes/kops/pull/5041)
* fix IAM role for current versions of the kube-ingress-aws-controller [@szuecs](https://github.com/szuecs) [#5014](https://github.com/kubernetes/kops/pull/5014)
* Add docker 17.09.0 version for Debian 9 [@Cryptophobia](https://github.com/Cryptophobia) [#5042](https://github.com/kubernetes/kops/pull/5042)
* Fixes environment variable export. [@Raffo](https://github.com/Raffo) [#5016](https://github.com/kubernetes/kops/pull/5016)
* fix :"rbac" should be "RBAC" [@yulng](https://github.com/yulng) [#4993](https://github.com/kubernetes/kops/pull/4993)
* upgrade kube-dns to 1.14.10, fixes #4986 [@jjo](https://github.com/jjo) [#5026](https://github.com/kubernetes/kops/pull/5026)
* makefile: fix bazel-push [@justinsb](https://github.com/justinsb) [#5053](https://github.com/kubernetes/kops/pull/5053)
* Typo fix aditional->additional [@AdamDang](https://github.com/AdamDang) [#5058](https://github.com/kubernetes/kops/pull/5058)
* Add Replace and delete for SSH Secret YAML [@mikesplain](https://github.com/mikesplain) [#5050](https://github.com/kubernetes/kops/pull/5050)
* Typo fix in addons.md [@AdamDang](https://github.com/AdamDang) [#5069](https://github.com/kubernetes/kops/pull/5069)
* Update readme for 1.9 [@mikesplain](https://github.com/mikesplain) [#4963](https://github.com/kubernetes/kops/pull/4963)
* Make LogSeveritySys configurable for Canal Networking [@KashifSaadat](https://github.com/KashifSaadat) [#5068](https://github.com/kubernetes/kops/pull/5068)
* Typo fix in 1.9-NOTES.md: compatability->compatibility [@AdamDang](https://github.com/AdamDang) [#5073](https://github.com/kubernetes/kops/pull/5073)
* Typo fix: Kuberenetes->Kubernetes [@AdamDang](https://github.com/AdamDang) [#5079](https://github.com/kubernetes/kops/pull/5079)
* Typo fix: seet->set [@AdamDang](https://github.com/AdamDang) [#5080](https://github.com/kubernetes/kops/pull/5080)
* Typo fix in vsphere-development-status.md: secrete->secret [@AdamDang](https://github.com/AdamDang) [#5084](https://github.com/kubernetes/kops/pull/5084)
* Perform deep merge for template values [@gwkunze](https://github.com/gwkunze) [#4668](https://github.com/kubernetes/kops/pull/4668)
* Note that `kops rolling-update` is required after tf apply [@fgrehm](https://github.com/fgrehm) [#5081](https://github.com/kubernetes/kops/pull/5081)
* Typo fix: wil->will [@AdamDang](https://github.com/AdamDang) [#5091](https://github.com/kubernetes/kops/pull/5091)
* Add SubnetType tags to run_in_existing_vpc docs [@tsupertramp](https://github.com/tsupertramp) [#5094](https://github.com/kubernetes/kops/pull/5094)
* Typo fix: acutally->actually/overide->override/to to->to [@AdamDang](https://github.com/AdamDang) [#5099](https://github.com/kubernetes/kops/pull/5099)
* Typo fix detaults->defaults [@AdamDang](https://github.com/AdamDang) [#5067](https://github.com/kubernetes/kops/pull/5067)
* Update upgrade_from_kops_1.6_to_1.7_calico_cidr_migration.md [@AdamDang](https://github.com/AdamDang) [#5107](https://github.com/kubernetes/kops/pull/5107)
* Typo fix: healthly->healthy [@AdamDang](https://github.com/AdamDang) [#5125](https://github.com/kubernetes/kops/pull/5125)
* Remove custom Statement IDs from IAM Policy Statements [@KashifSaadat](https://github.com/KashifSaadat) [#4958](https://github.com/kubernetes/kops/pull/4958)
* Adds new kops logo [@iMartyn](https://github.com/iMartyn) [#5113](https://github.com/kubernetes/kops/pull/5113)
* Update rules go to support go 1.10.2 and 1.9.6 [@mikesplain](https://github.com/mikesplain) [#5100](https://github.com/kubernetes/kops/pull/5100)
* Typo fix in returned message: formated->formatted [@AdamDang](https://github.com/AdamDang) [#5112](https://github.com/kubernetes/kops/pull/5112)
* Fix for validating kubeconfig's hosts [@0mok](https://github.com/0mok) [#5096](https://github.com/kubernetes/kops/pull/5096)
* Add ability to use ec2 nat instance as egress [@relu](https://github.com/relu) [#5133](https://github.com/kubernetes/kops/pull/5133)
* Added tls certificate and private key path flags to kubelet config [@chrisz100](https://github.com/chrisz100) [#5088](https://github.com/kubernetes/kops/pull/5088)
* kublet: expose --experimental-allowed-unsafe-sysctls [@smcquay](https://github.com/smcquay) [#5104](https://github.com/kubernetes/kops/pull/5104)
* Update docker image versions [@justinsb](https://github.com/justinsb) [#5057](https://github.com/kubernetes/kops/pull/5057)
* CoreDNS in Kops as an addon [@rajansandeep](https://github.com/rajansandeep) [#4041](https://github.com/kubernetes/kops/pull/4041)
* Implement network task for AlibabaCloud [@LilyFaFa](https://github.com/LilyFaFa),[@xh4n3](https://github.com/xh4n3) [#4991](https://github.com/kubernetes/kops/pull/4991)
* Allow rolling-update to filter on roles [@justinsb](https://github.com/justinsb) [#5122](https://github.com/kubernetes/kops/pull/5122)
* Remove stub tests [@justinsb](https://github.com/justinsb) [#5117](https://github.com/kubernetes/kops/pull/5117)
* Don't tag shared instances at all [@justinsb](https://github.com/justinsb) [#5138](https://github.com/kubernetes/kops/pull/5138)
* fix:please N/A should be " Not Applicable" [@yulng](https://github.com/yulng) [#4994](https://github.com/kubernetes/kops/pull/4994)
* Re-enable validation of DNS ServerIP [@justinsb](https://github.com/justinsb) [#5142](https://github.com/kubernetes/kops/pull/5142)
* digitalocean: don't set --cloud-provider=external on control plane starting v1.10 [@andrewsykim](https://github.com/andrewsykim) [#4990](https://github.com/kubernetes/kops/pull/4990)
* [instance_groups.md] typo: recieve->receive [@AdamDang](https://github.com/AdamDang) [#5152](https://github.com/kubernetes/kops/pull/5152)
* Update docs regarding shared NAT Instances setup [@relu](https://github.com/relu) [#5151](https://github.com/kubernetes/kops/pull/5151)
* Update office hours time to account for DST [@mikesplain](https://github.com/mikesplain) [#5148](https://github.com/kubernetes/kops/pull/5148)
* set default GracePeriodSeconds to -1 when draining nodes [@rajatjindal](https://github.com/rajatjindal) [#5143](https://github.com/kubernetes/kops/pull/5143)
* implement disk task for ALICloud and fix typos [@LilyFaFa](https://github.com/LilyFaFa) [#5158](https://github.com/kubernetes/kops/pull/5158)
* Unify create-create overrides and set-cluster fields [@justinsb](https://github.com/justinsb) [#5123](https://github.com/kubernetes/kops/pull/5123)
* Typo fix in the returned message: runnning->running [@AdamDang](https://github.com/AdamDang) [#5186](https://github.com/kubernetes/kops/pull/5186)
* Documentation - networking Amazon VPC backend [@recollir](https://github.com/recollir) [#5180](https://github.com/kubernetes/kops/pull/5180)
* added i3.metal AWS instance type [@DavidXArnold](https://github.com/DavidXArnold) [#5189](https://github.com/kubernetes/kops/pull/5189)
* Documentation - cloudProvider required in kubelet spec with Amazon VPC backend [@recollir](https://github.com/recollir) [#5181](https://github.com/kubernetes/kops/pull/5181)
* 1.8 release notes correctly note `replace --force` [@wendorf](https://github.com/wendorf) [#5182](https://github.com/kubernetes/kops/pull/5182)
* CA Key File Permissions [@gambol99](https://github.com/gambol99) [#5196](https://github.com/kubernetes/kops/pull/5196)
* Expose streaming connection idle timeout [@aleerizw](https://github.com/aleerizw) [#5155](https://github.com/kubernetes/kops/pull/5155)
* implement SSHKey task for ALICloud [@LilyFaFa](https://github.com/LilyFaFa) [#5184](https://github.com/kubernetes/kops/pull/5184)
* Documentation - updated example for dashboard installation to 1.8.3 [@recollir](https://github.com/recollir) [#5198](https://github.com/kubernetes/kops/pull/5198)
* Update CoreDNS manifest [@rajansandeep](https://github.com/rajansandeep) [#5203](https://github.com/kubernetes/kops/pull/5203)
* Create initial docs for etcd-manager [@justinsb](https://github.com/justinsb) [#5210](https://github.com/kubernetes/kops/pull/5210)
* Support (optional) etcd-manager [@justinsb](https://github.com/justinsb) [#5126](https://github.com/kubernetes/kops/pull/5126)
* Create override for etcd-manager image [@justinsb](https://github.com/justinsb) [#5136](https://github.com/kubernetes/kops/pull/5136)
* Typo fix: attatch->attach [@AdamDang](https://github.com/AdamDang) [#5160](https://github.com/kubernetes/kops/pull/5160)
* Add a FIXME and don't log about insecure ports [@dims](https://github.com/dims) [#5178](https://github.com/kubernetes/kops/pull/5178)
* Add support for C5D instance family on AWS [@ripta](https://github.com/ripta) [#5179](https://github.com/kubernetes/kops/pull/5179)
* Add stdin support for create -f and replace -f [@ihoegen](https://github.com/ihoegen) [#5150](https://github.com/kubernetes/kops/pull/5150)
* Update AWS AMI for kubernetes >=1.9.0 <1.10.0 [@AmazingDreams](https://github.com/AmazingDreams) [#5173](https://github.com/kubernetes/kops/pull/5173)
* Kuberenets 1.11 has deprecated ExternalID this replaces it with Provi… [@zachaller](https://github.com/zachaller) [#5167](https://github.com/kubernetes/kops/pull/5167)
* Update alpha channel with latest k8s versions [@justinsb](https://github.com/justinsb) [#5217](https://github.com/kubernetes/kops/pull/5217)
* Update alpha channel with latest images [@justinsb](https://github.com/justinsb) [#5222](https://github.com/kubernetes/kops/pull/5222)
* Recommend kops 1.9.1 in alpha channel [@justinsb](https://github.com/justinsb) [#5218](https://github.com/kubernetes/kops/pull/5218)
* PSP Updates, new apiGroup for k8s v1.10 [@KashifSaadat](https://github.com/KashifSaadat) [#5225](https://github.com/kubernetes/kops/pull/5225)
* Create addon for prometheus-operator [@gianrubio](https://github.com/gianrubio) [#5140](https://github.com/kubernetes/kops/pull/5140)
* Fixing name of cert file [#5220](https://github.com/kubernetes/kops/pull/5220)
* Promote alpha channel to stable [@justinsb](https://github.com/justinsb) [#5216](https://github.com/kubernetes/kops/pull/5216)
* Add --enable-admission-plugins API server flag for k8s 1.10 [@ripta](https://github.com/ripta) [#5221](https://github.com/kubernetes/kops/pull/5221)
* Fix typo: "to user" -> "to use" [@justinsb](https://github.com/justinsb) [#5232](https://github.com/kubernetes/kops/pull/5232)
* Bump Cilium version to released [@nebril](https://github.com/nebril) [#5208](https://github.com/kubernetes/kops/pull/5208)
* Typo fix: are be->are [@AdamDang](https://github.com/AdamDang) [#5237](https://github.com/kubernetes/kops/pull/5237)
* Add proper autoloading for kops autocomplete [@ihoegen](https://github.com/ihoegen) [#5230](https://github.com/kubernetes/kops/pull/5230)
* Fix typo: adddresses -> addresses [@justinsb](https://github.com/justinsb) [#5235](https://github.com/kubernetes/kops/pull/5235)
* Replace deprecated flags: address -> insecure-bind-address [@justinsb](https://github.com/justinsb) [#5234](https://github.com/kubernetes/kops/pull/5234)
* Add AuthenticationTokenWebhook flag [@ihoegen](https://github.com/ihoegen) [#5231](https://github.com/kubernetes/kops/pull/5231)
* Setup heptio authenticator [@rdrgmnzs](https://github.com/rdrgmnzs) [#5197](https://github.com/kubernetes/kops/pull/5197)
* File Permissions Private Key [@gambol99](https://github.com/gambol99) [#5241](https://github.com/kubernetes/kops/pull/5241)
* Correct PSP RoleBinding with namespace for kube-system [@KashifSaadat](https://github.com/KashifSaadat) [#5244](https://github.com/kubernetes/kops/pull/5244)
* Fix an error. [@mahuihuang](https://github.com/mahuihuang) [#4942](https://github.com/kubernetes/kops/pull/4942)
* Upgrade to flannel v0.10.0 and explicitly specify amd64 arch [@martinhoefling](https://github.com/martinhoefling) [#5095](https://github.com/kubernetes/kops/pull/5095)
* hacks for tests on windows [@sroylance](https://github.com/sroylance) [#4723](https://github.com/kubernetes/kops/pull/4723)
* Admission Controller Fix [@gambol99](https://github.com/gambol99) [#5248](https://github.com/kubernetes/kops/pull/5248)
* Use HomeDir from client-go to get home directory [@justinsb](https://github.com/justinsb) [#5249](https://github.com/kubernetes/kops/pull/5249)
* Add public ssh keys for GCE [@povilasv](https://github.com/povilasv) [#5056](https://github.com/kubernetes/kops/pull/5056)
* Release windows build in alpha [@chrislovecnm](https://github.com/chrislovecnm) [#4524](https://github.com/kubernetes/kops/pull/4524)
* some typo fix [@liwjGhostcloud](https://github.com/liwjGhostcloud) [#4937](https://github.com/kubernetes/kops/pull/4937)
* docker: Set TasksMax to infinity [@justinsb](https://github.com/justinsb) [#5259](https://github.com/kubernetes/kops/pull/5259)
* Update aws-sdk-go to v1.13.60 [@justinsb](https://github.com/justinsb) [#5261](https://github.com/kubernetes/kops/pull/5261)
* Put verify-apimachinery into ci makefile target [@justinsb](https://github.com/justinsb) [#5262](https://github.com/kubernetes/kops/pull/5262)
* Perf fix for makefile [@justinsb](https://github.com/justinsb) [#5255](https://github.com/kubernetes/kops/pull/5255)
* Use STABLE_ prefixes for bazel workspace vars [@justinsb](https://github.com/justinsb) [#5257](https://github.com/kubernetes/kops/pull/5257)
* bazel: add notes that tasks do not work [@justinsb](https://github.com/justinsb) [#5263](https://github.com/kubernetes/kops/pull/5263)
* vendor gazelle [@justinsb](https://github.com/justinsb) [#4564](https://github.com/kubernetes/kops/pull/4564)
* Clean up variable naming in integration test [@justinsb](https://github.com/justinsb) [#5264](https://github.com/kubernetes/kops/pull/5264)
* Allow integration tests to update expected TF output [@justinsb](https://github.com/justinsb) [#5265](https://github.com/kubernetes/kops/pull/5265)
* Validate FileAssets [@gambol99](https://github.com/gambol99) [#5272](https://github.com/kubernetes/kops/pull/5272)
* Validate InstanceGroup Hooks [@gambol99](https://github.com/gambol99) [#5271](https://github.com/kubernetes/kops/pull/5271)
* Update bazel gazelle [@mikesplain](https://github.com/mikesplain) [#5274](https://github.com/kubernetes/kops/pull/5274)
* Fix go version hack to be more generic. [@mikesplain](https://github.com/mikesplain) [#5267](https://github.com/kubernetes/kops/pull/5267)
* CoreDNS pull image from gcr.io [@rajansandeep](https://github.com/rajansandeep) [#5268](https://github.com/kubernetes/kops/pull/5268)
* Clarify the usage of the --state flag. [@rdrgmnzs](https://github.com/rdrgmnzs) [#5275](https://github.com/kubernetes/kops/pull/5275)
* Implement AdditionalCIDR configuration. [@rdrgmnzs](https://github.com/rdrgmnzs) [#5270](https://github.com/kubernetes/kops/pull/5270)
* Update heptio authenticator to 0.3.0 [@rdrgmnzs](https://github.com/rdrgmnzs) [#5276](https://github.com/kubernetes/kops/pull/5276)
* Update elasticsearch logging to 5.6.4 [@frankh](https://github.com/frankh) [#5137](https://github.com/kubernetes/kops/pull/5137)
* Fix: Update heptio authenticator to 0.3.0 #5276 [@rdrgmnzs](https://github.com/rdrgmnzs) [#5278](https://github.com/kubernetes/kops/pull/5278)
* Create a SECURITY_CONTACTS file. #5205 [@rdrgmnzs](https://github.com/rdrgmnzs) [#5279](https://github.com/kubernetes/kops/pull/5279)
* Verify Spelling [@gambol99](https://github.com/gambol99) [#5277](https://github.com/kubernetes/kops/pull/5277)
* Fix some typos [@mirake](https://github.com/mirake) [#5282](https://github.com/kubernetes/kops/pull/5282)
* Update kops_edit_instancegroup.go and kops_edit_instancegroup.md [@noinarisak](https://github.com/noinarisak) [#5284](https://github.com/kubernetes/kops/pull/5284)
* Override hostname with 'aws' only if hostname override is not specified. [@tvi](https://github.com/tvi) [#5285](https://github.com/kubernetes/kops/pull/5285)
* Enable override bind address for kube-proxy. [@tvi](https://github.com/tvi) [#5286](https://github.com/kubernetes/kops/pull/5286)
* Add support for M5D instance family on AWS [@ripta](https://github.com/ripta) [#5287](https://github.com/kubernetes/kops/pull/5287)
* Support overlay2 in docker [@justinsb](https://github.com/justinsb) [#5258](https://github.com/kubernetes/kops/pull/5258)
* Rename to kops [@justinsb](https://github.com/justinsb) [#1](https://github.com/kubernetes/kops/pull/1)
* Destinctive names for ClusterRoleBindings in prometheus-operator addon [@moritzheiber](https://github.com/moritzheiber) [#5294](https://github.com/kubernetes/kops/pull/5294)
* Revert "digitalocean: don't set --cloud-provider=external on control plane starting v1.10" [@andrewsykim](https://github.com/andrewsykim) [#5297](https://github.com/kubernetes/kops/pull/5297)
* Fix typo [@xianlubird](https://github.com/xianlubird) [#4985](https://github.com/kubernetes/kops/pull/4985)
* Fix issue where we assumed that private zone were in order [@justinsb](https://github.com/justinsb) [#5139](https://github.com/kubernetes/kops/pull/5139)
* Add support for external IAM Instance Profiles [@chrislovecnm](https://github.com/chrislovecnm),[@rifelpet](https://github.com/rifelpet) [#4171](https://github.com/kubernetes/kops/pull/4171)
* Feature/s3 bucket encryption - Implements PR #4235 [@gekart](https://github.com/gekart),[@chrisz100](https://github.com/chrisz100) [#5194](https://github.com/kubernetes/kops/pull/5194)
* Customize KubeDNS [@gambol99](https://github.com/gambol99) [#4724](https://github.com/kubernetes/kops/pull/4724)
* Add hooks example for cachefiled [@bhack](https://github.com/bhack) [#5072](https://github.com/kubernetes/kops/pull/5072)
* implement LoadBalancer task for ALICloud [@LilyFaFa](https://github.com/LilyFaFa) [#5207](https://github.com/kubernetes/kops/pull/5207)
* Admission Controller Validation [@gambol99](https://github.com/gambol99) [#5250](https://github.com/kubernetes/kops/pull/5250)
* Amazon VPC CNI: Upgrade to v1.0 and Allow Custom Images [@ripta](https://github.com/ripta) [#5119](https://github.com/kubernetes/kops/pull/5119)
* ListKeypairs: don't print 'keyset.yaml' as the key id [@justinsb](https://github.com/justinsb) [#5254](https://github.com/kubernetes/kops/pull/5254)
* Fix alitasks loadbalancer typo causing test failures [@KashifSaadat](https://github.com/KashifSaadat) [#5301](https://github.com/kubernetes/kops/pull/5301)
* fix broken link to example policy file in the cluster_spec docs [@kaspernissen](https://github.com/kaspernissen) [#5146](https://github.com/kubernetes/kops/pull/5146)
* Export outputs to aid with VPC peering in Terraform [@chrissnell](https://github.com/chrissnell),[@justinsb](https://github.com/justinsb) [#5030](https://github.com/kubernetes/kops/pull/5030)
* implement router interface task for OpenStack platform [@zengchen1024](https://github.com/zengchen1024) [#4977](https://github.com/kubernetes/kops/pull/4977)
* Update expected TF output for latest master [@justinsb](https://github.com/justinsb) [#5303](https://github.com/kubernetes/kops/pull/5303)
* implement keypair task for OpenStack platform [@zetaab](https://github.com/zetaab),[@justinsb](https://github.com/justinsb) [#5110](https://github.com/kubernetes/kops/pull/5110)
* Fixup bazel [@justinsb](https://github.com/justinsb) [#5304](https://github.com/kubernetes/kops/pull/5304)
* Fix gofmt [@justinsb](https://github.com/justinsb) [#5305](https://github.com/kubernetes/kops/pull/5305)
* Add feature with s3 state store from configfile [@jsenon](https://github.com/jsenon),[@justinsb](https://github.com/justinsb) [#4737](https://github.com/kubernetes/kops/pull/4737)
* Node Bootstrap Tokens [@gambol99](https://github.com/gambol99) [#5253](https://github.com/kubernetes/kops/pull/5253)
* Add prometheus scrape to kube-dns [@mikesplain](https://github.com/mikesplain) [#5308](https://github.com/kubernetes/kops/pull/5308)
* Fix typo: HONE -> HOME [@justinsb](https://github.com/justinsb) [#5306](https://github.com/kubernetes/kops/pull/5306)
* Node Bootstrap Fix Ups [@gambol99](https://github.com/gambol99) [#5309](https://github.com/kubernetes/kops/pull/5309)
* Fix Admission Controller Validation [@gambol99](https://github.com/gambol99) [#5313](https://github.com/kubernetes/kops/pull/5313)
* Added comment for 404 on healthcheck for non-standard vpc-cidr [@aberfeldy](https://github.com/aberfeldy) [#5312](https://github.com/kubernetes/kops/pull/5312)
* Correct deployment yaml of CoreDNS [@rajansandeep](https://github.com/rajansandeep) [#5315](https://github.com/kubernetes/kops/pull/5315)
* implement Ram task for ALICloud [@LilyFaFa](https://github.com/LilyFaFa) [#5316](https://github.com/kubernetes/kops/pull/5316)
* Avoid changing IAM policy for users [@justinsb](https://github.com/justinsb) [#5307](https://github.com/kubernetes/kops/pull/5307)
* File Path Fixes [@gambol99](https://github.com/gambol99) [#5311](https://github.com/kubernetes/kops/pull/5311)
* Communicate before long waits [@eherot](https://github.com/eherot) [#5322](https://github.com/kubernetes/kops/pull/5322)
* kops set cluster: honor --name flag [@justinsb](https://github.com/justinsb) [#5325](https://github.com/kubernetes/kops/pull/5325)
* Don't always print state store path [@justinsb](https://github.com/justinsb) [#5323](https://github.com/kubernetes/kops/pull/5323)
* protokube: only specify etcd flags when managing etcd [@justinsb](https://github.com/justinsb) [#5334](https://github.com/kubernetes/kops/pull/5334)
* Use less viper discovery [@justinsb](https://github.com/justinsb) [#5324](https://github.com/kubernetes/kops/pull/5324)
* GCE: Set network tier, to avoid spurious changes [@justinsb](https://github.com/justinsb) [#5330](https://github.com/kubernetes/kops/pull/5330)
* Set log-verbosity for etcd-manager [@justinsb](https://github.com/justinsb) [#5333](https://github.com/kubernetes/kops/pull/5333)
* More configuration options for cilium [@nebril](https://github.com/nebril) [#5320](https://github.com/kubernetes/kops/pull/5320)
* gossip: create zone in protokube [@justinsb](https://github.com/justinsb) [#5332](https://github.com/kubernetes/kops/pull/5332)
* implement SecurityGroup task for ALICloud [@LilyFaFa](https://github.com/LilyFaFa) [#5328](https://github.com/kubernetes/kops/pull/5328)
* Add missing nodes/stats resource to the system:metrics-server Cluster… [@azman0101](https://github.com/azman0101) [#5331](https://github.com/kubernetes/kops/pull/5331)
* Don't autoload SSH key on GCE [@justinsb](https://github.com/justinsb) [#5256](https://github.com/kubernetes/kops/pull/5256)
* add SSHKey model for AliCloud [@LilyFaFa](https://github.com/LilyFaFa) [#5340](https://github.com/kubernetes/kops/pull/5340)
* implement scalingGroup tasks for AliCloud [@LilyFaFa](https://github.com/LilyFaFa) [#5341](https://github.com/kubernetes/kops/pull/5341)
* Typo fix [@jonyhy96](https://github.com/jonyhy96) [#5344](https://github.com/kubernetes/kops/pull/5344)
* Code Clean [@gambol99](https://github.com/gambol99) [#5350](https://github.com/kubernetes/kops/pull/5350)
* add firewallModel for ALIcloud [@LilyFaFa](https://github.com/LilyFaFa) [#5343](https://github.com/kubernetes/kops/pull/5343)
* Aggregator Routing Option [@gambol99](https://github.com/gambol99) [#5349](https://github.com/kubernetes/kops/pull/5349)
* Removing Duplication [@gambol99](https://github.com/gambol99) [#5351](https://github.com/kubernetes/kops/pull/5351)
* Git Ignore - Merge Conflict Files [@gambol99](https://github.com/gambol99) [#5354](https://github.com/kubernetes/kops/pull/5354)
* etcd-manager: GCE support [@justinsb](https://github.com/justinsb) [#5335](https://github.com/kubernetes/kops/pull/5335)
* AWS: Delete old LaunchConfigurations [@justinsb](https://github.com/justinsb) [#5245](https://github.com/kubernetes/kops/pull/5245)
* GCE: Handle storage flag on COS more carefully [@justinsb](https://github.com/justinsb) [#5362](https://github.com/kubernetes/kops/pull/5362)
* Revert COS in stable/alpha channel [@justinsb](https://github.com/justinsb) [#5359](https://github.com/kubernetes/kops/pull/5359)
* Fix containerRegistry for Kubernetes < 1.10 [@kampka](https://github.com/kampka) [#5353](https://github.com/kubernetes/kops/pull/5353)
* add RAM model for ALIcloud [@LilyFaFa](https://github.com/LilyFaFa) [#5356](https://github.com/kubernetes/kops/pull/5356)
* Add etcd TLS support for Cilium [@nebril](https://github.com/nebril) [#5240](https://github.com/kubernetes/kops/pull/5240)
* Nodeup clean [@gambol99](https://github.com/gambol99) [#5352](https://github.com/kubernetes/kops/pull/5352)
* add ScalingGroup model for AliCloud [@LilyFaFa](https://github.com/LilyFaFa) [#5364](https://github.com/kubernetes/kops/pull/5364)
* Typo fix in documentation.md [@AdamDang](https://github.com/AdamDang) [#5348](https://github.com/kubernetes/kops/pull/5348)
* Mark 1.10.0-alpha.1 [@justinsb](https://github.com/justinsb) [#5367](https://github.com/kubernetes/kops/pull/5367)
* Add 1.10-alpha.1 to stable & alpha channels [@justinsb](https://github.com/justinsb) [#5369](https://github.com/kubernetes/kops/pull/5369)
* Go versions: don't block on 1.8 [@justinsb](https://github.com/justinsb) [#5366](https://github.com/kubernetes/kops/pull/5366)
* Docker Userspace Remapping Options [@gambol99](https://github.com/gambol99) [#5357](https://github.com/kubernetes/kops/pull/5357)
* Fix minor typo in DO tutorial [@andrewlouis93](https://github.com/andrewlouis93) [#5377](https://github.com/kubernetes/kops/pull/5377)
* Installation of AWS CLI tools [@the-lost-explorer](https://github.com/the-lost-explorer) [#5379](https://github.com/kubernetes/kops/pull/5379)
* Switch bucket encryption policy warning to debug [@mikesplain](https://github.com/mikesplain) [#5376](https://github.com/kubernetes/kops/pull/5376)
* Update rolling update ig roles flag to be case insensitive [@KashifSaadat](https://github.com/KashifSaadat) [#5386](https://github.com/kubernetes/kops/pull/5386)
* add Volume model for aliCloud [@LilyFaFa](https://github.com/LilyFaFa) [#5374](https://github.com/kubernetes/kops/pull/5374)
* fix broken compute resource reservation docs for storage in cluster_spec [@kimxogus](https://github.com/kimxogus) [#5401](https://github.com/kubernetes/kops/pull/5401)
* Add Cilium documentation to networking.md [@nebril](https://github.com/nebril) [#5388](https://github.com/kubernetes/kops/pull/5388)
* delete cluster resources for ALicloud [@LilyFaFa](https://github.com/LilyFaFa) [#5395](https://github.com/kubernetes/kops/pull/5395)
* Add dockerDisableSharedPID to kubelet config [@ripta](https://github.com/ripta) [#5403](https://github.com/kubernetes/kops/pull/5403)
* Add IAM ec2:ModifyVolume permission to allow EBS volume resize [@KashifSaadat](https://github.com/KashifSaadat) [#5416](https://github.com/kubernetes/kops/pull/5416)
* Remap initContainers as well as containers in PodSpec [@coreypobrien](https://github.com/coreypobrien) [#5427](https://github.com/kubernetes/kops/pull/5427)
* Rename hept.io authenticator to aws authenticator [@rdrgmnzs](https://github.com/rdrgmnzs) [#5421](https://github.com/kubernetes/kops/pull/5421)
* Use /bin/bash in kubelet manifest ExecStartPre [@coreypobrien](https://github.com/coreypobrien) [#5428](https://github.com/kubernetes/kops/pull/5428)
* Fix the issue described in #5412 where the authenticator is no longer… [@rdrgmnzs](https://github.com/rdrgmnzs) [#5424](https://github.com/kubernetes/kops/pull/5424)
* Allow setting MTU for calico networking. [@shrinandj](https://github.com/shrinandj) [#5380](https://github.com/kubernetes/kops/pull/5380)
* Add prometheus scrape port to CoreDNS service [@rajansandeep](https://github.com/rajansandeep) [#5392](https://github.com/kubernetes/kops/pull/5392)
* Added metrics port and health check to kube-router [@aleerizw](https://github.com/aleerizw) [#5426](https://github.com/kubernetes/kops/pull/5426)
* Initial Ubuntu Bionic Support [@mikesplain](https://github.com/mikesplain) [#5394](https://github.com/kubernetes/kops/pull/5394)
* Fail cluster validation for rolling-update if a failure occurs [@dzoeteman](https://github.com/dzoeteman) [#5445](https://github.com/kubernetes/kops/pull/5445)
* Update Audit file example [@jsenon](https://github.com/jsenon) [#5432](https://github.com/kubernetes/kops/pull/5432)
* Add data-root and exec-root attributes to the docker config spec [@ripta](https://github.com/ripta) [#5431](https://github.com/kubernetes/kops/pull/5431)
* Add minRequestTimeout flag in kube-APIServer [@Sturgelose](https://github.com/Sturgelose) [#5438](https://github.com/kubernetes/kops/pull/5438)
* Fixes issue when setting docker version [@mikesplain](https://github.com/mikesplain) [#5417](https://github.com/kubernetes/kops/pull/5417)
* support edit cluster and rolling-update cluster for AliCloud [@LilyFaFa](https://github.com/LilyFaFa) [#5419](https://github.com/kubernetes/kops/pull/5419)
* docs for different VPC in the Security Group of kube-ingress-aws-controller [@kanolato](https://github.com/kanolato) [#5418](https://github.com/kubernetes/kops/pull/5418)
* Don't mount volume for auditLog when STDOUT is configured as path [@kampka](https://github.com/kampka) [#5448](https://github.com/kubernetes/kops/pull/5448)
* Adding a disclaimer for instanceGroups in docs [@Cryptophobia](https://github.com/Cryptophobia) [#3445](https://github.com/kubernetes/kops/pull/3445)
* add cluster-autoscaler.sh [@sdarwin](https://github.com/sdarwin) [#5433](https://github.com/kubernetes/kops/pull/5433)
* Add weave network encryption secret [@kampka](https://github.com/kampka) [#5441](https://github.com/kubernetes/kops/pull/5441)
* skipper selector changed [@kanolato](https://github.com/kanolato) [#5430](https://github.com/kubernetes/kops/pull/5430)
* Generate locals for terraform target [@kampka](https://github.com/kampka) [#5443](https://github.com/kubernetes/kops/pull/5443)
* Correct all the word "cluster" to be in lowercase [@AdamDang](https://github.com/AdamDang) [#5153](https://github.com/kubernetes/kops/pull/5153)
* Stop rolling update if bastions or masters failed to update [@dzoeteman](https://github.com/dzoeteman) [#5446](https://github.com/kubernetes/kops/pull/5446)
* Generate random weave password it none is supplied [@kampka](https://github.com/kampka) [#5457](https://github.com/kubernetes/kops/pull/5457)
* Node Authorization Service [@gambol99](https://github.com/gambol99) [#5317](https://github.com/kubernetes/kops/pull/5317)
* [WIP] Initial implementation of ACM certificate for API server ELB [@Raffo](https://github.com/Raffo) [#5414](https://github.com/kubernetes/kops/pull/5414)
* More autofix of expected test output [@justinsb](https://github.com/justinsb) [#5466](https://github.com/kubernetes/kops/pull/5466)
* Add configurable conntrack settings [@mikesplain](https://github.com/mikesplain) [#5456](https://github.com/kubernetes/kops/pull/5456)
* Add pull-through proxy cache for asset docker images [@kampka](https://github.com/kampka) [#5390](https://github.com/kubernetes/kops/pull/5390)
* Don't repeatedly download nodeup [@justinsb](https://github.com/justinsb) [#5462](https://github.com/kubernetes/kops/pull/5462)
* Adds ability to set template context values on command line [@gwkunze](https://github.com/gwkunze) [#5108](https://github.com/kubernetes/kops/pull/5108)
* Allow users to set the kubelets root dir. [@rdrgmnzs](https://github.com/rdrgmnzs) [#5467](https://github.com/kubernetes/kops/pull/5467)
* Update docs for config file [@justinsb](https://github.com/justinsb) [#5469](https://github.com/kubernetes/kops/pull/5469)
* Correct the `maxSize` in the cluster template example [@dcherman](https://github.com/dcherman) [#5455](https://github.com/kubernetes/kops/pull/5455)
* Add the ability to specify external loadbalancers for instancegroups [@gwkunze](https://github.com/gwkunze) [#4677](https://github.com/kubernetes/kops/pull/4677)
* Fix tests that crossed during PR merges [@justinsb](https://github.com/justinsb) [#5470](https://github.com/kubernetes/kops/pull/5470)
* change gossip dns conn limit by ENV [@yancl](https://github.com/yancl) [#5077](https://github.com/kubernetes/kops/pull/5077)
* Introduce a global backoff to rate limit failed image downloads [@justinsb](https://github.com/justinsb) [#5464](https://github.com/kubernetes/kops/pull/5464)
* Add mikesplain to approvers [@justinsb](https://github.com/justinsb) [#5480](https://github.com/kubernetes/kops/pull/5480)
* have travis fail when verify-apimachinery.sh fails and fix incompatible apimachinery [@chrisz100](https://github.com/chrisz100) [#5477](https://github.com/kubernetes/kops/pull/5477)
* Use portable shebang for hack scripts [@kampka](https://github.com/kampka) [#5478](https://github.com/kubernetes/kops/pull/5478)
* Add autoscaling group ids to terraform module output [@kampka](https://github.com/kampka) [#5472](https://github.com/kubernetes/kops/pull/5472)
* Allow kubelet to bind the hosts primary IP [@rdrgmnzs](https://github.com/rdrgmnzs) [#5460](https://github.com/kubernetes/kops/pull/5460)
* ContainerRegistry remapping should be atomic [@kampka](https://github.com/kampka) [#5479](https://github.com/kubernetes/kops/pull/5479)
* [GPU] Updated Kops GPU Setup Hook [@dcwangmit01](https://github.com/dcwangmit01) [#4971](https://github.com/kubernetes/kops/pull/4971)
* Only use SSL for ELB if certificate configured [@justinsb](https://github.com/justinsb) [#5485](https://github.com/kubernetes/kops/pull/5485)
* Simplify logic around master rolling-update [@justinsb](https://github.com/justinsb) [#5488](https://github.com/kubernetes/kops/pull/5488)
* Update Issue templates and add PR template [@mikesplain](https://github.com/mikesplain) [#5487](https://github.com/kubernetes/kops/pull/5487)
* Force-load br_netfilter in nodeup [@justinsb](https://github.com/justinsb) [#5490](https://github.com/kubernetes/kops/pull/5490)
* Remove gossip connection limit entirely [@justinsb](https://github.com/justinsb) [#5486](https://github.com/kubernetes/kops/pull/5486)
* Fix GCE instance lookup during validation [@justinsb](https://github.com/justinsb) [#5491](https://github.com/kubernetes/kops/pull/5491)
* Only manage internal DNS zone if configuration has been specified [@mellowplace](https://github.com/mellowplace) [#5375](https://github.com/kubernetes/kops/pull/5375)
* Add portmap CNI plugin for k8s >= 1.9 [@justinsb](https://github.com/justinsb) [#5494](https://github.com/kubernetes/kops/pull/5494)
* Add new instance types r5, r5d, z1d [@rekcah78](https://github.com/rekcah78) [#5529](https://github.com/kubernetes/kops/pull/5529)
* Remove GetAsgForInstance IAM permission [@justinsb](https://github.com/justinsb) [#5566](https://github.com/kubernetes/kops/pull/5566)
* Check errors when parsing JSON on IAM policies [@justinsb](https://github.com/justinsb) [#5533](https://github.com/kubernetes/kops/pull/5533)
* Add authentication-token-webhook-cache-ttl flag to kubelet config [@ihoegen](https://github.com/ihoegen) [#5508](https://github.com/kubernetes/kops/pull/5508)
* Add AWS IAM permission to check for volume resize [@KashifSaadat](https://github.com/KashifSaadat) [#5597](https://github.com/kubernetes/kops/pull/5597)
* Enable weave network encryption for k8s 1.6 [@Andrey9kin](https://github.com/Andrey9kin) [#5595](https://github.com/kubernetes/kops/pull/5595)
* Add ssh user to kops toolbox dump [@justinsb](https://github.com/justinsb) [#5511](https://github.com/kubernetes/kops/pull/5511)
* Add amazon.com image owner alias and Amazon Linux 2 documentation [@Pharb](https://github.com/Pharb) [#5577](https://github.com/kubernetes/kops/pull/5577)
* Bump Weave Net to v2.4.0 [@brb](https://github.com/brb) [#5552](https://github.com/kubernetes/kops/pull/5552)
* Create ExperimentalClusterDNS feature flag [@justinsb](https://github.com/justinsb) [#5610](https://github.com/kubernetes/kops/pull/5610)
* Validate that require-kubeconfig is not passed after 1.10 [@justinsb](https://github.com/justinsb) [#5621](https://github.com/kubernetes/kops/pull/5621)
* Don't assume that we only have one subnet per AZ [@justinsb](https://github.com/justinsb) [#5601](https://github.com/kubernetes/kops/pull/5601)
* DigitalOcean: don't try to set SSE [@justinsb](https://github.com/justinsb) [#5625](https://github.com/kubernetes/kops/pull/5625)
* weave: bump version for 2.3.0 [@justinsb](https://github.com/justinsb) [#5618](https://github.com/kubernetes/kops/pull/5618)


@ -286,3 +286,43 @@ While optional, this last step allows you to be sure that your masters are
fully configured by Kops and that there is no residual manual configuration.
If there is any configuration problem, they will be detected during this step
and not during a future upgrade or, worse, during a master failure.
## 6 - Restore (if migration to multi-master failed)
In case you failed to upgrade to multi-master you will need to restore from the backup you have taken previously.
Take extra care becase kops will not start etcd and etcd-events with the same ID on <master-b> an/or <master-c> for example but will mix them (ex: etcd-b and etcd-events-c on <master-b> & etcd-c and etcd-events-b on <master-c> ); this can be double checked in Route53 where kops will create DNS records for your services.
If your 2nd spinned master failed and cluster becomes inconsistent edit the corresponding kops master instancegroup and switch ``MinSize`` and ``MaxSize`` to "0" and run an update on your cluster.
Next ssh into your primary master:
``systemctl stop kubelet``
``systemctl stop protokube``
Reinitialize the etcd instances:
* In both ``/etc/kubernetes/manifests/etcd-events.manifest`` and
``/etc/kubernetes/manifests/etcd.manifest``, add the
``ETCD_FORCE_NEW_CLUSTER`` variable with value ``1``.
* Delete the containers and the data directories while restoring also from previous backup:
```bash
root@ip-172-20-116-230:~# docker stop $(docker ps | grep "gcr.io/google_containers/etcd" | awk '{print $1}')
root@ip-172-20-116-230:~# rm -r /mnt/master-vol-03b97b1249caf379a/var/etcd/data-events/member/
root@ip-172-20-116-230:~# rm -r /mnt/master-vol-0dbfd1f3c60b8c509/var/etcd/data/member/
root@ip-172-20-116-230:~# cp -R /mnt/master-vol-03b97b1249caf379a/var/etcd/data-events/backup/member /mnt/master-vol-03b97b1249caf379a/var/etcd/data-events/
root@ip-172-20-116-230:~# cp -R /mnt/master-vol-0dbfd1f3c60b8c509/var/etcd/data/backup/member /mnt/master-vol-0dbfd1f3c60b8c509/var/etcd/data/
```
Now start back the services and watch for the logs:
``systemctl start kubelet``
``tail -f /var/log/etcd*`` # for errors, if no errors encountered re-start also protokube
``systemctl start protokube``
Test if your master is reboot-proof:
Go to EC2 and ``Terminate`` the instance and check if your cluster recovers (needed to discard any manual configurations and check that kops handles everything the right way).
Note! Would recommend also to use Amazon Lambda to take daily Snapshots of all your persistent volume so you can have from what to recover in case of failures.


@ -56,3 +56,31 @@ There are a few ways to configure your state store. In priority order:
```
kops_state_store: s3://yourstatestore
```
## Cross Account State-store (AWS)
There are situations in which the entity executing kops to create the cluster is not in the same account as the owner of the state store bucket. In this case, you must explicitly grant the permission: `s3:getBucketLocation` to the ARN that is running kops.
You can use the following policy to guide your implementation:
```
{
"Id": "123",
"Version": "2012-10-17",
"Statement": [
{
"Sid": "123",
"Action": [
"s3:GetBucketLocation"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::state-store-bucket",
"Principal": {
"AWS": [
"arn:aws:iam::123456789:user/kopsuser"
]
}
}
]
}
```


@ -0,0 +1,63 @@
# Getting Started with kops on OpenStack
**WARNING**: OpenStack support on kops is currently **alpha** meaning it is in the early stages of development and subject to change, please use with caution.
## Create config file
The config file contains the OpenStack credentials required to create a cluster. The config file has the following format:
```ini
[Default]
identity=<OS_AUTH_URL>
user=mk8s=<OS_USERNAME>
password=<OS_PASSWORD>
domain_name=<OS_USER_DOMAIN_NAME>
tenant_id=<OS_PROJECT_ID>
[Swift]
service_type=object-store
region=<OS_REGION_NAME>
[Cinder]
service_type=volumev3
region=<OS_REGION_NAME>
[Neutron]
service_type=network
region=<OS_REGION_NAME>
[Nova]
service_type=compute
region=<OS_REGION_NAME>
```
## Environment Variables
It is important to set the following environment variables:
```bash
export OPENSTACK_CREDENTIAL_FILE=<config-file> # where <config-file> is the path of the config file
export KOPS_STATE_STORE=swift://<bucket-name> # where <bucket-name> is the name of the Swift container to use for kops state
# TODO(lmb): Add a feature gate for OpenStack
# this is required since OpenStack support is currently in alpha so it is feature gated
# export KOPS_FEATURE_FLAGS="AlphaAllowOpenStack"
```
## Creating a Cluster
```bash
# coreos (the default) + flannel overlay cluster in Default
kops create cluster --cloud=openstack --name=my-cluster.k8s.local --networking=flannel --zones=Default --network-cidr=192.168.0.0/16
# Not implemented yet...
# kops update cluster my-cluster.k8s.local --yes
# to delete a cluster
# Not implemented yet...
# kops delete cluster my-cluster.k8s.local --yes
```
## Features Still in Development
kops for OpenStack currently does not support these features:
* cluster create (servers, servergroups, load balancers, and DNS are not implemented yet)
* cluster delete
* state delete (fails due to unimplemented methods)


@ -117,6 +117,7 @@ k8s.io/kops/pkg/resources/aws
k8s.io/kops/pkg/resources/digitalocean
k8s.io/kops/pkg/resources/digitalocean/dns
k8s.io/kops/pkg/resources/gce
k8s.io/kops/pkg/resources/openstack
k8s.io/kops/pkg/resources/ops
k8s.io/kops/pkg/sshcredentials
k8s.io/kops/pkg/systemd
@ -179,6 +180,7 @@ k8s.io/kops/upup/tools/generators/fitask
k8s.io/kops/upup/tools/generators/pkg/codegen
k8s.io/kops/util/pkg/exec
k8s.io/kops/util/pkg/hashing
k8s.io/kops/util/pkg/reflectutils
k8s.io/kops/util/pkg/slice
k8s.io/kops/util/pkg/tables
k8s.io/kops/util/pkg/ui


@ -52,8 +52,8 @@ go_library(
"//pkg/try:go_default_library",
"//upup/pkg/fi:go_default_library",
"//upup/pkg/fi/nodeup/nodetasks:go_default_library",
"//upup/pkg/fi/utils:go_default_library",
"//util/pkg/exec:go_default_library",
"//util/pkg/reflectutils:go_default_library",
"//util/pkg/vfs:go_default_library",
"//vendor/github.com/aws/aws-sdk-go/aws/ec2metadata:go_default_library",
"//vendor/github.com/aws/aws-sdk-go/aws/session:go_default_library",


@ -42,11 +42,13 @@ type NodeupModelContext struct {
Cluster *kops.Cluster
Distribution distros.Distribution
InstanceGroup *kops.InstanceGroup
IsMaster bool
KeyStore fi.CAStore
NodeupConfig *nodeup.Config
SecretStore fi.SecretStore
// IsMaster is true if the InstanceGroup has a role of master (populated by Init)
IsMaster bool
kubernetesVersion semver.Version
}
@ -58,6 +60,12 @@ func (c *NodeupModelContext) Init() error {
}
c.kubernetesVersion = *k8sVersion
if c.InstanceGroup == nil {
glog.Warningf("cannot determine role, InstanceGroup not set")
} else if c.InstanceGroup.Spec.Role == kops.InstanceGroupRoleMaster {
c.IsMaster = true
}
return nil
}
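Review bot: In `Init`, a nil `InstanceGroup` only logs a warning and leaves `IsMaster` at its zero value, so every later `c.IsMaster` check treats the node as a non-master without any error reaching the caller. If role-dependent setup keys off this field, failing is safer than defaulting, e.g. `return fmt.Errorf("cannot determine role, InstanceGroup not set")`. If the nil case has to stay (for tests, say), the field comment should state the fallback: `// IsMaster is true if the InstanceGroup has a role of master (populated by Init; stays false when InstanceGroup is nil)`. `Init` starts outside the hunk, so whether `fmt` is already imported in this file is not visible here.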


@ -24,6 +24,13 @@ import (
"path/filepath"
"time"
"github.com/aws/aws-sdk-go/aws/ec2metadata"
"github.com/aws/aws-sdk-go/aws/session"
"github.com/golang/glog"
"k8s.io/api/core/v1"
"k8s.io/apiserver/pkg/authentication/user"
"k8s.io/kops/nodeup/pkg/distros"
"k8s.io/kops/pkg/apis/kops"
"k8s.io/kops/pkg/flagbuilder"
@ -31,13 +38,7 @@ import (
"k8s.io/kops/pkg/systemd"
"k8s.io/kops/upup/pkg/fi"
"k8s.io/kops/upup/pkg/fi/nodeup/nodetasks"
"k8s.io/kops/upup/pkg/fi/utils"
"github.com/aws/aws-sdk-go/aws/ec2metadata"
"github.com/aws/aws-sdk-go/aws/session"
"github.com/golang/glog"
"k8s.io/api/core/v1"
"k8s.io/apiserver/pkg/authentication/user"
"k8s.io/kops/util/pkg/reflectutils"
)
const (
@ -423,9 +424,9 @@ func (b *KubeletBuilder) buildKubeletConfigSpec() (*kops.KubeletConfigSpec, erro
// Merge KubeletConfig for NodeLabels
c := &kops.KubeletConfigSpec{}
if b.InstanceGroup.Spec.Role == kops.InstanceGroupRoleMaster {
utils.JsonMergeStruct(c, b.Cluster.Spec.MasterKubelet)
reflectutils.JsonMergeStruct(c, b.Cluster.Spec.MasterKubelet)
} else {
utils.JsonMergeStruct(c, b.Cluster.Spec.Kubelet)
reflectutils.JsonMergeStruct(c, b.Cluster.Spec.Kubelet)
}
// @check if we are using secure kubelet <-> api settings
@ -439,7 +440,7 @@ func (b *KubeletBuilder) buildKubeletConfigSpec() (*kops.KubeletConfigSpec, erro
}
if b.InstanceGroup.Spec.Kubelet != nil {
utils.JsonMergeStruct(c, b.InstanceGroup.Spec.Kubelet)
reflectutils.JsonMergeStruct(c, b.InstanceGroup.Spec.Kubelet)
}
if b.InstanceGroup.Spec.Role == kops.InstanceGroupRoleMaster {


@ -59,7 +59,7 @@ func (s *s3PublicAclStrategy) GetACL(p vfs.Path, cluster *kops.Cluster) (vfs.ACL
// We are checking that the file repository url is in S3
_, err = vfs.VFSPath(fileRepository)
if err != nil {
glog.V(8).Infof("path %q is not inside of a s3 bucket", u.String)
glog.V(8).Infof("path %q is not inside of a s3 bucket", u.String())
return nil, nil
}
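Review bot: The `err` returned by `vfs.VFSPath(fileRepository)` is not included in the log line this commit touches, so a malformed repository URL and a valid non-S3 one both end in the same quiet `return nil, nil` with no ACL applied. Logging the error makes the two cases distinguishable when someone has to work out why an object did not get the expected ACL: `glog.V(8).Infof("path %q is not inside of a s3 bucket: %v", u.String(), err)`. `GetACL` begins and continues outside the hunk.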


@ -22,6 +22,7 @@ go_library(
"//upup/pkg/fi:go_default_library",
"//upup/pkg/fi/cloudup/awsup:go_default_library",
"//vendor/github.com/blang/semver:go_default_library",
"//vendor/github.com/golang/glog:go_default_library",
"//vendor/k8s.io/apimachinery/pkg/api/validation:go_default_library",
"//vendor/k8s.io/apimachinery/pkg/util/net:go_default_library",
"//vendor/k8s.io/apimachinery/pkg/util/sets:go_default_library",


@ -19,6 +19,8 @@ package validation
import (
"strings"
"fmt"
"github.com/golang/glog"
"k8s.io/apimachinery/pkg/util/sets"
"k8s.io/apimachinery/pkg/util/validation/field"
"k8s.io/kops/pkg/apis/kops"
@ -44,6 +46,8 @@ func awsValidateInstanceGroup(ig *kops.InstanceGroup) field.ErrorList {
allErrs = append(allErrs, awsValidateMachineType(field.NewPath(ig.GetName(), "spec", "machineType"), ig.Spec.MachineType)...)
allErrs = append(allErrs, awsValidateAMIforNVMe(field.NewPath(ig.GetName(), "spec", "machineType"), ig)...)
return allErrs
}
@ -79,3 +83,24 @@ func awsValidateMachineType(fieldPath *field.Path, machineType string) field.Err
return allErrs
}
// TODO: make image validation smarter? graduate from jessie to stretch? This is quick and dirty because we keep getting reports
func awsValidateAMIforNVMe(fieldPath *field.Path, ig *kops.InstanceGroup) field.ErrorList {
// TODO: how can we put this list somewhere better?
NVMe_INSTANCE_PREFIXES := []string{"P3", "C5", "M5", "H1", "I3"}
allErrs := field.ErrorList{}
for _, prefix := range NVMe_INSTANCE_PREFIXES {
if strings.Contains(strings.ToUpper(ig.Spec.MachineType), strings.ToUpper(prefix)) {
glog.V(2).Infof("machineType %s requires an image based on stretch to operate. Trying to check compatibility", ig.Spec.MachineType)
if strings.Contains(ig.Spec.Image, "jessie") {
errString := fmt.Sprintf("%s cannot use machineType %s with image based on Debian jessie.", ig.Name, ig.Spec.MachineType)
allErrs = append(allErrs, field.Forbidden(fieldPath, errString))
continue
}
}
}
return allErrs
}
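Review bot: `awsValidateAMIforNVMe` matches instance families with `strings.Contains`, so a machine type that merely contains `C5`, `M5` and so on anywhere in its name is treated as NVMe, and a type matching two list entries would get the same Forbidden error appended twice because the trailing `continue` does not leave the loop. Anchoring the match and stopping at the first hit fixes both: `if strings.HasPrefix(strings.ToUpper(ig.Spec.MachineType), prefix) {` with `break` in place of `continue`. The list entries are already upper-case, so `strings.ToUpper(prefix)` is redundant, and `NVMe_INSTANCE_PREFIXES` would conventionally be `nvmeInstancePrefixes` in Go. The function comment should also say that the jessie check is a case-sensitive substring match on the image name, so an image whose name does not contain `jessie` passes regardless of what it is built on.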


@ -70,6 +70,38 @@ func TestValidateInstanceGroupSpec(t *testing.T) {
},
ExpectedErrors: []string{"Invalid value::test-nodes.spec.machineType"},
},
{
Input: kops.InstanceGroupSpec{
MachineType: "m5.large",
Image: "k8s-1.9-debian-stretch-amd64-hvm-ebs-2018-03-11",
},
ExpectedErrors: []string{},
},
{
Input: kops.InstanceGroupSpec{
MachineType: "m5.large",
Image: "k8s-1.9-debian-jessie-amd64-hvm-ebs-2018-03-11",
},
ExpectedErrors: []string{
"Forbidden::test-nodes.spec.machineType",
},
},
{
Input: kops.InstanceGroupSpec{
MachineType: "c5.large",
Image: "k8s-1.9-debian-stretch-amd64-hvm-ebs-2018-03-11",
},
ExpectedErrors: []string{},
},
{
Input: kops.InstanceGroupSpec{
MachineType: "c5.large",
Image: "k8s-1.9-debian-jessie-amd64-hvm-ebs-2018-03-11",
},
ExpectedErrors: []string{
"Forbidden::test-nodes.spec.machineType",
},
},
}
for _, g := range grid {
ig := &kops.InstanceGroup{


@ -283,11 +283,13 @@ func ValidateCluster(c *kops.Cluster, strict bool) *field.Error {
if !serviceClusterIPRange.Contains(ip) {
return field.Invalid(fieldSpec.Child("kubeDNS", "serverIP"), address, fmt.Sprintf("ServiceClusterIPRange %q must contain the DNS Server IP %q", c.Spec.ServiceClusterIPRange, address))
}
if c.Spec.Kubelet != nil && c.Spec.Kubelet.ClusterDNS != c.Spec.KubeDNS.ServerIP {
return field.Invalid(fieldSpec.Child("kubeDNS", "serverIP"), address, "Kubelet ClusterDNS did not match cluster kubeDNS.serverIP")
}
if c.Spec.MasterKubelet != nil && c.Spec.MasterKubelet.ClusterDNS != c.Spec.KubeDNS.ServerIP {
return field.Invalid(fieldSpec.Child("kubeDNS", "serverIP"), address, "MasterKubelet ClusterDNS did not match cluster kubeDNS.serverIP")
if !featureflag.ExperimentalClusterDNS.Enabled() {
if c.Spec.Kubelet != nil && c.Spec.Kubelet.ClusterDNS != c.Spec.KubeDNS.ServerIP {
return field.Invalid(fieldSpec.Child("kubeDNS", "serverIP"), address, "Kubelet ClusterDNS did not match cluster kubeDNS.serverIP")
}
if c.Spec.MasterKubelet != nil && c.Spec.MasterKubelet.ClusterDNS != c.Spec.KubeDNS.ServerIP {
return field.Invalid(fieldSpec.Child("kubeDNS", "serverIP"), address, "MasterKubelet ClusterDNS did not match cluster kubeDNS.serverIP")
}
}
}
@ -470,6 +472,16 @@ func ValidateCluster(c *kops.Cluster, strict bool) *field.Error {
}
}
if kubernetesRelease.GTE(semver.MustParse("1.10.0")) {
// Flag removed in 1.10
if c.Spec.Kubelet.RequireKubeconfig != nil {
return field.Invalid(
kubeletPath.Child("requireKubeconfig"),
*c.Spec.Kubelet.RequireKubeconfig,
"require-kubeconfig flag was removed in 1.10. (Please be sure you are not using a cluster config from `kops get cluster --full`)")
}
}
if c.Spec.Kubelet.BootstrapKubeconfig != "" {
if c.Spec.KubeAPIServer == nil {
return field.Required(fieldSpec.Child("KubeAPIServer"), "bootstrap token require the NodeRestriction admissions controller")
@ -499,6 +511,16 @@ func ValidateCluster(c *kops.Cluster, strict bool) *field.Error {
}
}
if kubernetesRelease.GTE(semver.MustParse("1.10.0")) {
// Flag removed in 1.10
if c.Spec.MasterKubelet.RequireKubeconfig != nil {
return field.Invalid(
masterKubeletPath.Child("requireKubeconfig"),
*c.Spec.MasterKubelet.RequireKubeconfig,
"require-kubeconfig flag was removed in 1.10. (Please be sure you are not using a cluster config from `kops get cluster --full`)")
}
}
if c.Spec.MasterKubelet.APIServers != "" && !isValidAPIServersURL(c.Spec.MasterKubelet.APIServers) {
return field.Invalid(masterKubeletPath.Child("APIServers"), c.Spec.MasterKubelet.APIServers, "Not a valid APIServer URL")
}
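Review bot: With `ExperimentalClusterDNS` enabled, the first hunk skips both equality checks, and nothing visible here validates `Kubelet.ClusterDNS` or `MasterKubelet.ClusterDNS` in any other way, so an arbitrary string is accepted as the resolver address that the kubelet hands to pods. Unless the value is checked elsewhere, the flag-enabled path should still reject anything that is not an IP address (or a list of them, if the field is meant to carry several), along the lines of `if c.Spec.Kubelet != nil && c.Spec.Kubelet.ClusterDNS != "" && net.ParseIP(c.Spec.Kubelet.ClusterDNS) == nil { return field.Invalid(...) }`, with the same check for `MasterKubelet`. The two `requireKubeconfig` blocks added further down are identical apart from the spec and path they use and could share one small helper. `ValidateCluster` starts and ends outside these hunks.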


@ -196,7 +196,7 @@ func Test_Validate_DockerConfig_Storage(t *testing.T) {
config := &kops.DockerConfig{Storage: &name}
errs := ValidateDockerConfig(config, field.NewPath("docker"))
if len(errs) != 1 {
t.Fatalf("Expected errors validating DockerConfig %q", config)
t.Fatalf("Expected errors validating DockerConfig %+v", config)
}
if errs[0].Field != "docker.storage" || errs[0].Type != field.ErrorTypeNotSupported {
t.Fatalf("Not the expected error validating DockerConfig %q", errs)


@ -37,6 +37,10 @@ func Bool(b bool) *bool {
return &b
}
// ExperimentalClusterDNS allows for setting the kubelet dns flag to experimental values.
// It allows for experiments with alternative DNS configurations - in particular local proxies.
var ExperimentalClusterDNS = New("ExperimentalClusterDNS", Bool(false))
// KeepLaunchConfigurations can be set to prevent garbage collection of old launch configurations
var KeepLaunchConfigurations = New("KeepLaunchConfigurations", Bool(false))


@ -6,7 +6,7 @@ go_library(
importpath = "k8s.io/kops/pkg/flagbuilder",
visibility = ["//visibility:public"],
deps = [
"//upup/pkg/fi/utils:go_default_library",
"//util/pkg/reflectutils:go_default_library",
"//vendor/github.com/golang/glog:go_default_library",
"//vendor/k8s.io/apimachinery/pkg/apis/meta/v1:go_default_library",
],


@ -24,9 +24,10 @@ import (
"strings"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/kops/upup/pkg/fi/utils"
"github.com/golang/glog"
"k8s.io/kops/util/pkg/reflectutils"
)
// BuildFlags returns a space separated list arguments
@ -57,7 +58,7 @@ func BuildFlagsList(options interface{}) ([]string, error) {
}
if tag == "-" {
glog.V(4).Infof("skipping field with %q flag tag: %s", tag, path)
return utils.SkipReflection
return reflectutils.SkipReflection
}
// If we specify the repeat option, we will repeat the flag rather than joining it with commas
@ -109,7 +110,7 @@ func BuildFlagsList(options interface{}) ([]string, error) {
flag := fmt.Sprintf("--%s=%s", flagName, strings.Join(args, ","))
flags = append(flags, flag)
}
return utils.SkipReflection
return reflectutils.SkipReflection
}
return fmt.Errorf("BuildFlags of value type not handled: %T %s=%v", val.Interface(), path, val.Interface())
@ -132,7 +133,7 @@ func BuildFlagsList(options interface{}) ([]string, error) {
flags = append(flags, flag)
}
}
return utils.SkipReflection
return reflectutils.SkipReflection
}
return fmt.Errorf("BuildFlags of value type not handled: %T %s=%v", val.Interface(), path, val.Interface())
@ -188,9 +189,9 @@ func BuildFlagsList(options interface{}) ([]string, error) {
flags = append(flags, flag)
}
return utils.SkipReflection
return reflectutils.SkipReflection
}
err := utils.ReflectRecursive(reflect.ValueOf(options), walker)
err := reflectutils.ReflectRecursive(reflect.ValueOf(options), walker)
if err != nil {
return nil, fmt.Errorf("BuildFlagsList to reflect value: %s", err)
}


@ -32,12 +32,12 @@ func (m *visitorBase) VisitString(path []string, v string, mutator func(string))
}
func (m *visitorBase) VisitBool(path []string, v bool, mutator func(bool)) error {
glog.V(10).Infof("string value at %s: %s", strings.Join(path, "."), v)
glog.V(10).Infof("string value at %s: %v", strings.Join(path, "."), v)
return nil
}
func (m *visitorBase) VisitFloat64(path []string, v float64, mutator func(float64)) error {
glog.V(10).Infof("float64 value at %s: %s", strings.Join(path, "."), v)
glog.V(10).Infof("float64 value at %s: %f", strings.Join(path, "."), v)
return nil
}
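Review bot: The `VisitBool` log line still reads `string value at` after the verb fix, so at verbosity 10 booleans are reported as strings; the message should name the type like its siblings do: `glog.V(10).Infof("bool value at %s: %v", strings.Join(path, "."), v)`. In `VisitFloat64`, `%f` always prints six decimals, so `%v` would give a shorter and exact rendering if these lines are ever used to compare values.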


@ -230,11 +230,11 @@ func (b *AutoscalingGroupModelBuilder) Build(c *fi.ModelBuilderContext) error {
}
t.Tags = tags
if ig.Spec.SuspendProcesses != nil {
for _, p := range ig.Spec.SuspendProcesses {
t.SuspendProcesses = append(t.SuspendProcesses, p)
}
processes := []string{}
for _, p := range ig.Spec.SuspendProcesses {
processes = append(processes, p)
}
t.SuspendProcesses = &processes
c.AddTask(t)
}
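Review bot: `t.SuspendProcesses` is now always set to a pointer to a slice, even when `ig.Spec.SuspendProcesses` is nil, and the code does not say why. Presumably an empty non-nil list is what lets the task resume processes that were removed from the spec; if so, that deserves a comment such as `// Always set (possibly empty) so that removing entries from the spec is detected as a change`. The element-by-element loop can be written as `processes := append([]string{}, ig.Spec.SuspendProcesses...)`. `Build` starts and ends outside the hunk.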


@ -191,7 +191,6 @@ func (b *BootstrapScript) ResourceNodeUp(ig *kops.InstanceGroup, cluster *kops.C
spec["kubelet"] = ig.Spec.Kubelet
spec["nodeLabels"] = ig.Spec.NodeLabels
spec["taints"] = ig.Spec.Taints
spec["suspendProcesses"] = ig.Spec.SuspendProcesses
hooks, err := b.getRelevantHooks(ig.Spec.Hooks, ig.Spec.Role)
if err != nil {


@ -48,11 +48,6 @@ func (b *KubeletOptionsBuilder) BuildOptions(o interface{}) error {
clusterSpec.MasterKubelet = &kops.KubeletConfigSpec{}
}
ip, err := WellKnownServiceIP(clusterSpec, 10)
if err != nil {
return err
}
if clusterSpec.KubeAPIServer != nil && clusterSpec.KubeAPIServer.EnableBootstrapAuthToken != nil {
if *clusterSpec.KubeAPIServer.EnableBootstrapAuthToken {
if clusterSpec.Kubelet.BootstrapKubeconfig == "" {
@ -66,10 +61,17 @@ func (b *KubeletOptionsBuilder) BuildOptions(o interface{}) error {
clusterSpec.Kubelet.PodManifestPath = "/etc/kubernetes/manifests"
clusterSpec.Kubelet.AllowPrivileged = fi.Bool(true)
clusterSpec.Kubelet.LogLevel = fi.Int32(2)
clusterSpec.Kubelet.ClusterDNS = ip.String()
clusterSpec.Kubelet.ClusterDomain = clusterSpec.ClusterDNSDomain
clusterSpec.Kubelet.NonMasqueradeCIDR = clusterSpec.NonMasqueradeCIDR
if clusterSpec.Kubelet.ClusterDNS == "" {
ip, err := WellKnownServiceIP(clusterSpec, 10)
if err != nil {
return err
}
clusterSpec.Kubelet.ClusterDNS = ip.String()
}
if b.Context.IsKubernetesLT("1.7") {
// babysit-daemons removed in 1.7
clusterSpec.Kubelet.BabysitDaemons = fi.Bool(true)


@ -82,5 +82,11 @@ func (b *KubeProxyOptionsBuilder) BuildOptions(o interface{}) error {
}
}
if cloudProvider == kops.CloudProviderDO {
if config.HostnameOverride == "" {
config.HostnameOverride = "@digitalocean"
}
}
return nil
}
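Review bot: `"@digitalocean"` is assigned to `config.HostnameOverride` as a bare literal with no explanation, and a reader cannot tell from this hunk that it is a placeholder rather than a hostname. A named constant or a comment at the assignment would make that explicit, for example `// "@digitalocean" is a placeholder, presumably replaced on the node with the droplet's name; confirm where it is resolved`. `BuildOptions` starts outside the hunk.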


@ -704,6 +704,7 @@ func addMasterELBPolicies(p *Policy, resource stringorslice.StringOrSlice, legac
"elasticloadbalancing:CreateTargetGroup", // aws_loadbalancer.go
"elasticloadbalancing:DeleteListener", // aws_loadbalancer.go
"elasticloadbalancing:DeleteTargetGroup", // aws_loadbalancer.go
"elasticloadbalancing:DeregisterTargets", // aws_loadbalancer.go
"elasticloadbalancing:DescribeListeners", // aws_loadbalancer.go
"elasticloadbalancing:DescribeLoadBalancerPolicies", // aws_loadbalancer.go
"elasticloadbalancing:DescribeTargetGroups", // aws_loadbalancer.go
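Review bot: `elasticloadbalancing:DeregisterTargets` is added to the action list that `addMasterELBPolicies` grants on its `resource` argument, and the hunk does not show how that resource is scoped. If callers pass the wildcard, the master role can deregister targets from any target group in the account, not only those created for this cluster. It is worth confirming the scope and, where the caller allows it, narrowing this write action to cluster-owned target groups; at minimum the trailing comment could record the reason, e.g. `// aws_loadbalancer.go: needed when targets are removed from a target group`. The function body continues outside the hunk.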


@ -110,6 +110,7 @@
"elasticloadbalancing:CreateTargetGroup",
"elasticloadbalancing:DeleteListener",
"elasticloadbalancing:DeleteTargetGroup",
"elasticloadbalancing:DeregisterTargets",
"elasticloadbalancing:DescribeListeners",
"elasticloadbalancing:DescribeLoadBalancerPolicies",
"elasticloadbalancing:DescribeTargetGroups",


@ -110,6 +110,7 @@
"elasticloadbalancing:CreateTargetGroup",
"elasticloadbalancing:DeleteListener",
"elasticloadbalancing:DeleteTargetGroup",
"elasticloadbalancing:DeregisterTargets",
"elasticloadbalancing:DescribeListeners",
"elasticloadbalancing:DescribeLoadBalancerPolicies",
"elasticloadbalancing:DescribeTargetGroups",


@ -200,8 +200,6 @@ kubelet:
nodeLabels:
label2: value2
labelname: labelvalue
suspendProcesses:
- AZRebalance
taints:
- key1=value1:NoSchedule
- key2=value2:NoExecute


@ -217,8 +217,6 @@ kubelet:
nodeLabels:
label2: value2
labelname: labelvalue
suspendProcesses:
- AZRebalance
taints:
- key1=value1:NoSchedule
- key2=value2:NoExecute


@ -217,8 +217,6 @@ kubelet:
nodeLabels:
label2: value2
labelname: labelvalue
suspendProcesses:
- AZRebalance
taints:
- key1=value1:NoSchedule
- key2=value2:NoExecute


@ -185,8 +185,6 @@ kubelet:
nodeLabels:
label2: value2
labelname: labelvalue
suspendProcesses:
- AZRebalance
taints:
- key1=value1:NoSchedule
- key2=value2:NoExecute


@ -202,8 +202,6 @@ kubelet:
nodeLabels:
label2: value2
labelname: labelvalue
suspendProcesses:
- AZRebalance
taints:
- key1=value1:NoSchedule
- key2=value2:NoExecute


@ -202,8 +202,6 @@ kubelet:
nodeLabels:
label2: value2
labelname: labelvalue
suspendProcesses:
- AZRebalance
taints:
- key1=value1:NoSchedule
- key2=value2:NoExecute


@ -1325,14 +1325,14 @@ func extractClusterName(userData string) string {
line = strings.TrimSpace(line)
line = strings.Trim(line, "'\"")
if clusterName != "" && clusterName != line {
glog.Warning("cannot uniquely determine cluster-name, found %q and %q", line, clusterName)
glog.Warningf("cannot uniquely determine cluster-name, found %q and %q", line, clusterName)
return ""
}
clusterName = line
}
if err := scanner.Err(); err != nil {
glog.Warning("error scanning UserData: %v", err)
glog.Warningf("error scanning UserData: %v", err)
return ""
}


@ -0,0 +1,12 @@
load("@io_bazel_rules_go//go:def.bzl", "go_library")
go_library(
name = "go_default_library",
srcs = ["resources.go"],
importpath = "k8s.io/kops/pkg/resources/openstack",
visibility = ["//visibility:public"],
deps = [
"//pkg/resources:go_default_library",
"//upup/pkg/fi/cloudup/openstack:go_default_library",
],
)


@ -0,0 +1,32 @@
/*
Copyright 2018 The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package openstack
import (
"k8s.io/kops/pkg/resources"
"k8s.io/kops/upup/pkg/fi/cloudup/openstack"
)
type listFn func(openstack.OpenstackCloud, string) ([]*resources.Resource, error)
func ListResources(cloud openstack.OpenstackCloud, clusterName string) (map[string]*resources.Resource, error) {
resourceTrackers := make(map[string]*resources.Resource)
// TODO(lmb): Implement resource list
return resourceTrackers, nil
}
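Review bot: `ListResources` returns an empty map with a nil error while the listing is still a TODO, so a caller cannot tell "this cluster has no resources" from "listing is not implemented". If the provider dispatch added elsewhere in this commit feeds a cluster-delete path, as it appears to, OpenStack resources would be left running while the operation reports success. Until the listing exists I would fail loudly with `return nil, fmt.Errorf("listing OpenStack resources is not implemented")`, which needs `fmt` added to the import block. The `listFn` type is declared but unused in this file, and the exported function has no doc comment.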


@ -14,9 +14,11 @@ go_library(
"//pkg/resources/aws:go_default_library",
"//pkg/resources/digitalocean:go_default_library",
"//pkg/resources/gce:go_default_library",
"//pkg/resources/openstack:go_default_library",
"//upup/pkg/fi:go_default_library",
"//upup/pkg/fi/cloudup/awsup:go_default_library",
"//upup/pkg/fi/cloudup/gce:go_default_library",
"//upup/pkg/fi/cloudup/openstack:go_default_library",
"//upup/pkg/fi/cloudup/vsphere:go_default_library",
"//vendor/github.com/golang/glog:go_default_library",
],


@ -24,9 +24,11 @@ import (
"k8s.io/kops/pkg/resources/aws"
"k8s.io/kops/pkg/resources/digitalocean"
"k8s.io/kops/pkg/resources/gce"
"k8s.io/kops/pkg/resources/openstack"
"k8s.io/kops/upup/pkg/fi"
"k8s.io/kops/upup/pkg/fi/cloudup/awsup"
cloudgce "k8s.io/kops/upup/pkg/fi/cloudup/gce"
cloudopenstack "k8s.io/kops/upup/pkg/fi/cloudup/openstack"
"k8s.io/kops/upup/pkg/fi/cloudup/vsphere"
)
@ -39,6 +41,8 @@ func ListResources(cloud fi.Cloud, clusterName string, region string) (map[strin
return digitalocean.ListResources(cloud.(*digitalocean.Cloud), clusterName)
case kops.CloudProviderGCE:
return gce.ListResourcesGCE(cloud.(cloudgce.GCECloud), clusterName, region)
case kops.CloudProviderOpenstack:
return openstack.ListResources(cloud.(cloudopenstack.OpenstackCloud), clusterName)
case kops.CloudProviderVSphere:
return resources.ListResourcesVSphere(cloud.(*vsphere.VSphereCloud), clusterName)
default:


@ -247,7 +247,6 @@ Resources.AWSAutoScalingLaunchConfigurationmasterustest1bmastersadditionalcidrex
cat > ig_spec.yaml << '__EOF_IG_SPEC'
kubelet: null
nodeLabels: null
suspendProcesses: null
taints: null
__EOF_IG_SPEC
@ -264,7 +263,6 @@ Resources.AWSAutoScalingLaunchConfigurationmasterustest1bmastersadditionalcidrex
Tags:
- _automatic_upgrades
- _aws
- _kubernetes_master
channels:
- memfs://clusters.example.com/additionalcidr.example.com/addons/bootstrap-channel.yaml
protokubeImage:
@ -456,7 +454,6 @@ Resources.AWSAutoScalingLaunchConfigurationnodesadditionalcidrexamplecom.Propert
cat > ig_spec.yaml << '__EOF_IG_SPEC'
kubelet: null
nodeLabels: null
suspendProcesses: null
taints: null
__EOF_IG_SPEC


@ -256,7 +256,6 @@ Resources.AWSAutoScalingLaunchConfigurationmasterustest1amastersadditionaluserda
cat > ig_spec.yaml << '__EOF_IG_SPEC'
kubelet: null
nodeLabels: null
suspendProcesses: null
taints: null
__EOF_IG_SPEC
@ -273,7 +272,6 @@ Resources.AWSAutoScalingLaunchConfigurationmasterustest1amastersadditionaluserda
Tags:
- _automatic_upgrades
- _aws
- _kubernetes_master
channels:
- memfs://clusters.example.com/additionaluserdata.example.com/addons/bootstrap-channel.yaml
protokubeImage:
@ -486,7 +484,6 @@ Resources.AWSAutoScalingLaunchConfigurationnodesadditionaluserdataexamplecom.Pro
cat > ig_spec.yaml << '__EOF_IG_SPEC'
kubelet: null
nodeLabels: null
suspendProcesses: null
taints: null
__EOF_IG_SPEC


@ -228,6 +228,8 @@ resource "aws_elb" "api-complex-example-com" {
tags = {
KubernetesCluster = "complex.example.com"
Name = "api.complex.example.com"
Owner = "John Doe"
"foo/bar" = "fib+baz"
}
}


@ -247,7 +247,6 @@ Resources.AWSAutoScalingLaunchConfigurationmasterustest1amastersminimalexampleco
cat > ig_spec.yaml << '__EOF_IG_SPEC'
kubelet: null
nodeLabels: null
suspendProcesses: null
taints: null
__EOF_IG_SPEC
@ -264,7 +263,6 @@ Resources.AWSAutoScalingLaunchConfigurationmasterustest1amastersminimalexampleco
Tags:
- _automatic_upgrades
- _aws
- _kubernetes_master
channels:
- memfs://clusters.example.com/minimal.example.com/addons/bootstrap-channel.yaml
protokubeImage:
@ -456,7 +454,6 @@ Resources.AWSAutoScalingLaunchConfigurationnodesminimalexamplecom.Properties.Use
cat > ig_spec.yaml << '__EOF_IG_SPEC'
kubelet: null
nodeLabels: null
suspendProcesses: null
taints: null
__EOF_IG_SPEC


@ -281,7 +281,6 @@ InstanceGroupName: master-us-west-2a
Tags:
- _automatic_upgrades
- _aws
- _kubernetes_master
- _networking_cni
channels:
- s3://tune-k8s-kops-test/k8s-iam.us-west-2.td.priv/addons/bootstrap-channel.yaml


@ -267,7 +267,6 @@ Resources.AWSAutoScalingLaunchConfigurationmasterustest1amastersexternallbexampl
cat > ig_spec.yaml << '__EOF_IG_SPEC'
kubelet: null
nodeLabels: null
suspendProcesses: null
taints: null
__EOF_IG_SPEC
@ -284,7 +283,6 @@ Resources.AWSAutoScalingLaunchConfigurationmasterustest1amastersexternallbexampl
Tags:
- _automatic_upgrades
- _aws
- _kubernetes_master
channels:
- memfs://clusters.example.com/externallb.example.com/addons/bootstrap-channel.yaml
protokubeImage:
@ -481,7 +479,6 @@ Resources.AWSAutoScalingLaunchConfigurationnodesexternallbexamplecom.Properties.
cat > ig_spec.yaml << '__EOF_IG_SPEC'
kubelet: null
nodeLabels: null
suspendProcesses: null
taints: null
__EOF_IG_SPEC


@ -247,7 +247,6 @@ Resources.AWSAutoScalingLaunchConfigurationmasterustest1amastersminimalexampleco
cat > ig_spec.yaml << '__EOF_IG_SPEC'
kubelet: null
nodeLabels: null
suspendProcesses: null
taints: null
__EOF_IG_SPEC
@ -264,7 +263,6 @@ Resources.AWSAutoScalingLaunchConfigurationmasterustest1amastersminimalexampleco
Tags:
- _automatic_upgrades
- _aws
- _kubernetes_master
channels:
- memfs://clusters.example.com/minimal.example.com/addons/bootstrap-channel.yaml
protokubeImage:
@ -456,7 +454,6 @@ Resources.AWSAutoScalingLaunchConfigurationnodesminimalexamplecom.Properties.Use
cat > ig_spec.yaml << '__EOF_IG_SPEC'
kubelet: null
nodeLabels: null
suspendProcesses: null
taints: null
__EOF_IG_SPEC


@ -18,7 +18,7 @@ spec:
- instanceGroup: master-us-test-1a
name: us-test-1a
name: events
kubernetesVersion: v1.4.12
kubernetesVersion: v1.8.6
masterInternalName: api.internal.sharedsubnet.example.com
masterPublicName: api.sharedsubnet.example.com
networkCIDR: 172.20.0.0/16


@ -64,7 +64,9 @@ data:
}
prometheus :9153
proxy . /etc/resolv.conf
loop
cache 30
loadbalance
reload
}
---
@ -99,7 +101,7 @@ spec:
operator: "Exists"
containers:
- name: coredns
image: k8s.gcr.io/coredns:1.1.3
image: k8s.gcr.io/coredns:1.2.2
imagePullPolicy: IfNotPresent
resources:
limits:
@ -111,6 +113,7 @@ spec:
volumeMounts:
- name: config-volume
mountPath: /etc/coredns
readOnly: true
ports:
- containerPort: 53
name: dns
@ -121,6 +124,14 @@ spec:
- containerPort: 9153
name: metrics
protocol: TCP
securityContext:
allowPrivilegeEscalation: false
capabilities:
add:
- NET_BIND_SERVICE
drop:
- all
readOnlyRootFilesystem: true
livenessProbe:
httpGet:
path: /health
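Review bot: The added `securityContext` drops capabilities with `- all` in lower case, whereas Kubernetes documents the value as `ALL`. Policy checks that match the exact string, and possibly some container runtimes, may not treat the lower-case form as equivalent, so the drop could silently not apply; I would write `- ALL`. The block also leaves the user unset, so the container presumably still runs as root with `NET_BIND_SERVICE`; whether `runAsNonRoot: true` is workable depends on the image and needs checking. The image is referenced by tag only (`k8s.gcr.io/coredns:1.2.2`), so pinning it by digest would make the deployed binary verifiable.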


@ -47,7 +47,7 @@ spec:
operator: Exists
tolerationSeconds: 300
containers:
- image: digitalocean/digitalocean-cloud-controller-manager:v0.1.3
- image: digitalocean/digitalocean-cloud-controller-manager:v0.1.7
name: digitalocean-cloud-controller-manager
command:
- "/bin/digitalocean-cloud-controller-manager"


@ -6,7 +6,7 @@ metadata:
labels:
k8s-addon: dns-controller.addons.k8s.io
k8s-app: dns-controller
version: v1.10.0-beta.1
version: v1.10.0
spec:
replicas: 1
selector:
@ -17,7 +17,7 @@ spec:
labels:
k8s-addon: dns-controller.addons.k8s.io
k8s-app: dns-controller
version: v1.10.0-beta.1
version: v1.10.0
annotations:
scheduler.alpha.kubernetes.io/critical-pod: ''
# For 1.6, we keep the old tolerations in case of a downgrade to 1.5
@ -33,7 +33,7 @@ spec:
serviceAccount: dns-controller
containers:
- name: dns-controller
image: kope/dns-controller:1.10.0-beta.1
image: kope/dns-controller:1.10.0
command:
{{ range $arg := DnsControllerArgv }}
- "{{ $arg }}"


@ -6,7 +6,7 @@ metadata:
labels:
k8s-addon: dns-controller.addons.k8s.io
k8s-app: dns-controller
version: v1.10.0-beta.1
version: v1.10.0
spec:
replicas: 1
selector:
@ -17,7 +17,7 @@ spec:
labels:
k8s-addon: dns-controller.addons.k8s.io
k8s-app: dns-controller
version: v1.10.0-beta.1
version: v1.10.0
annotations:
scheduler.alpha.kubernetes.io/critical-pod: ''
scheduler.alpha.kubernetes.io/tolerations: '[{"key": "dedicated", "value": "master"}]'
@ -28,7 +28,7 @@ spec:
hostNetwork: true
containers:
- name: dns-controller
image: kope/dns-controller:1.10.0-beta.1
image: kope/dns-controller:1.10.0
command:
{{ range $arg := DnsControllerArgv }}
- "{{ $arg }}"


@ -62,8 +62,8 @@ spec:
serviceAccountName: aws-node
hostNetwork: true
tolerations:
- key: node-role.kubernetes.io/master
effect: NoSchedule
- effect: NoSchedule
operator: Exists
- key: CriticalAddonsOnly
operator: Exists
containers:


@ -519,7 +519,7 @@ spec:
operator: Exists
serviceAccountName: k8s-ec2-srcdst
containers:
- image: ottoyiu/k8s-ec2-srcdst:v0.2.1
- image: ottoyiu/k8s-ec2-srcdst:v0.2.2
name: k8s-ec2-srcdst
resources:
requests:


@ -1,3 +1,13 @@
{{- if WeaveSecret }}
apiVersion: v1
kind: Secret
metadata:
name: weave-net
namespace: kube-system
stringData:
network-password: {{ WeaveSecret }}
---
{{- end }}
apiVersion: v1
kind: ServiceAccount
metadata:
@ -128,6 +138,13 @@ spec:
- name: CONN_LIMIT
value: "{{ .Networking.Weave.ConnLimit }}"
{{- end }}
{{- if WeaveSecret }}
- name: WEAVE_PASSWORD
valueFrom:
secretKeyRef:
name: weave-net
key: network-password
{{- end }}
image: 'weaveworks/weave-kube:2.3.0'
livenessProbe:
httpGet:
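Review bot: `network-password: {{ WeaveSecret }}` in the first hunk interpolates the password into YAML unquoted, so a value containing `: ` or `#`, starting with `*`, `&` or `!`, or parsing as a number or boolean will either break the manifest or be stored as something other than the configured string. Assuming these templates are Go text/template, as the `{{- if }}` syntax suggests, emitting a quoted scalar avoids this: `network-password: {{ printf "%q" WeaveSecret }}`. The password is also rendered in clear text into the addon manifest; if that manifest is written to the state store like the bootstrap channel files seen in the fixtures, read access to the store exposes the Weave encryption password, which is worth stating in the docs for this option. The new template added further down in this commit repeats the same line.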


@ -44,6 +44,13 @@ rules:
- get
- list
- watch
- apiGroups:
- ''
resources:
- nodes/status
verbs:
- patch
- update
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
@ -148,7 +155,7 @@ spec:
name: weave-net
key: network-password
{{- end }}
image: 'weaveworks/weave-kube:2.3.0'
image: 'weaveworks/weave-kube:2.4.0'
livenessProbe:
httpGet:
host: 127.0.0.1
@ -186,7 +193,7 @@ spec:
fieldRef:
apiVersion: v1
fieldPath: spec.nodeName
image: 'weaveworks/weave-npc:2.3.0'
image: 'weaveworks/weave-npc:2.4.0'
resources:
requests:
cpu: 50m


@ -0,0 +1,243 @@
{{- if WeaveSecret }}
apiVersion: v1
kind: Secret
metadata:
name: weave-net
namespace: kube-system
stringData:
network-password: {{ WeaveSecret }}
---
{{- end }}
apiVersion: v1
kind: ServiceAccount
metadata:
name: weave-net
namespace: kube-system
labels:
name: weave-net
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
name: weave-net
namespace: kube-system
labels:
name: weave-net
role.kubernetes.io/networking: "1"
rules:
- apiGroups:
- ''
resources:
- pods
- namespaces
- nodes
verbs:
- get
- list
- watch
- apiGroups:
- 'networking.k8s.io'
resources:
- networkpolicies
verbs:
- get
- list
- watch
- apiGroups:
- ''
resources:
- nodes/status
verbs:
- patch
- update
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
name: weave-net
namespace: kube-system
labels:
name: weave-net
role.kubernetes.io/networking: "1"
roleRef:
kind: ClusterRole
name: weave-net
apiGroup: rbac.authorization.k8s.io
subjects:
- kind: ServiceAccount
name: weave-net
namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: Role
metadata:
name: weave-net
namespace: kube-system
labels:
name: weave-net
rules:
- apiGroups:
- ''
resources:
- configmaps
resourceNames:
- weave-net
verbs:
- get
- update
- apiGroups:
- ''
resources:
- configmaps
verbs:
- create
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: RoleBinding
metadata:
name: weave-net
namespace: kube-system
labels:
name: weave-net
roleRef:
kind: Role
name: weave-net
apiGroup: rbac.authorization.k8s.io
subjects:
- kind: ServiceAccount
name: weave-net
namespace: kube-system
---
apiVersion: extensions/v1beta1
kind: DaemonSet
metadata:
name: weave-net
namespace: kube-system
labels:
name: weave-net
role.kubernetes.io/networking: "1"
spec:
# Wait 5 seconds to let pod connect before rolling next pod
minReadySeconds: 5
template:
metadata:
labels:
name: weave-net
role.kubernetes.io/networking: "1"
annotations:
scheduler.alpha.kubernetes.io/critical-pod: ''
spec:
containers:
- name: weave
command:
- /home/weave/launch.sh
env:
- name: HOSTNAME
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: spec.nodeName
- name: IPALLOC_RANGE
value: {{ .KubeControllerManager.ClusterCIDR }}
{{- if .Networking.Weave.MTU }}
- name: WEAVE_MTU
value: "{{ .Networking.Weave.MTU }}"
{{- end }}
{{- if .Networking.Weave.ConnLimit }}
- name: CONN_LIMIT
value: "{{ .Networking.Weave.ConnLimit }}"
{{- end }}
{{- if WeaveSecret }}
- name: WEAVE_PASSWORD
valueFrom:
secretKeyRef:
name: weave-net
key: network-password
{{- end }}
image: 'weaveworks/weave-kube:2.4.0'
livenessProbe:
httpGet:
host: 127.0.0.1
path: /status
port: 6784
initialDelaySeconds: 30
resources:
requests:
cpu: 50m
memory: 200Mi
limits:
memory: 200Mi
securityContext:
privileged: true
volumeMounts:
- name: weavedb
mountPath: /weavedb
- name: cni-bin
mountPath: /host/opt
- name: cni-bin2
mountPath: /host/home
- name: cni-conf
mountPath: /host/etc
- name: dbus
mountPath: /host/var/lib/dbus
- name: lib-modules
mountPath: /lib/modules
- name: xtables-lock
mountPath: /run/xtables.lock
- name: weave-npc
args: []
env:
- name: HOSTNAME
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: spec.nodeName
image: 'weaveworks/weave-npc:2.4.0'
resources:
requests:
cpu: 50m
memory: 200Mi
limits:
memory: 200Mi
securityContext:
privileged: true
volumeMounts:
- name: xtables-lock
mountPath: /run/xtables.lock
hostNetwork: true
hostPID: true
restartPolicy: Always
securityContext:
seLinuxOptions: {}
serviceAccountName: weave-net
tolerations:
- effect: NoSchedule
operator: Exists
- key: CriticalAddonsOnly
operator: Exists
volumes:
- name: weavedb
hostPath:
path: /var/lib/weave
- name: cni-bin
hostPath:
path: /opt
- name: cni-bin2
hostPath:
path: /home
- name: cni-conf
hostPath:
path: /etc
- name: dbus
hostPath:
path: /var/lib/dbus
- name: lib-modules
hostPath:
path: /lib/modules
- name: xtables-lock
hostPath:
path: /run/xtables.lock
type: FileOrCreate
updateStrategy:
type: RollingUpdate
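Review bot: Both containers in this new DaemonSet run with `privileged: true`, the pod sets `hostNetwork` and `hostPID`, and the `weave` container mounts the host's `/etc`, `/opt` and `/home` without `readOnly`. Together with the blanket `NoSchedule` toleration, that gives the image write access to host configuration on every node. If the launcher only needs the CNI directories, which seems likely but is not visible here, the hostPath volumes could be narrowed (for example `path: /etc/cni/net.d` and `path: /opt/cni/bin`, with matching mount paths); otherwise a comment above `volumes:` stating why the whole directories are required would help the next reviewer. `weave-npc` mounts only `xtables-lock`, so it is worth confirming whether it needs `privileged: true` rather than a specific capability such as `NET_ADMIN`. The `namespace: kube-system` under the `ClusterRole` and `ClusterRoleBinding` metadata has no effect on cluster-scoped objects and can be dropped.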


@ -21,6 +21,7 @@ go_library(
"http.go",
"lifecycle.go",
"named.go",
"printers.go",
"resources.go",
"secrets.go",
"target.go",
@ -45,8 +46,10 @@ go_library(
"//pkg/kopscodecs:go_default_library",
"//pkg/pki:go_default_library",
"//pkg/sshcredentials:go_default_library",
"//pkg/values:go_default_library",
"//upup/pkg/fi/utils:go_default_library",
"//util/pkg/hashing:go_default_library",
"//util/pkg/reflectutils:go_default_library",
"//util/pkg/vfs:go_default_library",
"//vendor/github.com/golang/glog:go_default_library",
"//vendor/golang.org/x/crypto/ssh:go_default_library",


@ -29,7 +29,7 @@ import (
// JSON marshalling boilerplate
type realCopyDockerImage CopyDockerImage
// UnmarshalJSON implements conversion to JSON, supporitng an alternate specification of the object as a string
// UnmarshalJSON implements conversion to JSON, supporting an alternate specification of the object as a string
func (o *CopyDockerImage) UnmarshalJSON(data []byte) error {
var jsonName string
if err := json.Unmarshal(data, &jsonName); err == nil {


@ -29,7 +29,7 @@ import (
// JSON marshalling boilerplate
type realCopyFile CopyFile
// UnmarshalJSON implements conversion to JSON, supporitng an alternate specification of the object as a string
// UnmarshalJSON implements conversion to JSON, supporting an alternate specification of the object as a string
func (o *CopyFile) UnmarshalJSON(data []byte) error {
var jsonName string
if err := json.Unmarshal(data, &jsonName); err == nil {


@ -73,6 +73,7 @@ go_library(
"//upup/pkg/fi/loader:go_default_library",
"//upup/pkg/fi/utils:go_default_library",
"//util/pkg/hashing:go_default_library",
"//util/pkg/reflectutils:go_default_library",
"//util/pkg/vfs:go_default_library",
"//vendor/github.com/blang/semver:go_default_library",
"//vendor/github.com/golang/glog:go_default_library",


@ -73,7 +73,7 @@ func (d *Disk) Find(c *fi.Context) (*Disk, error) {
return nil, nil
}
if len(responseDisks) > 1 {
glog.V(4).Info("The number of specified disk with the same name and ClusterTags exceeds 1, diskName:%q", *d.Name)
glog.V(4).Infof("The number of specified disk with the same name and ClusterTags exceeds 1, diskName:%q", *d.Name)
}
glog.V(2).Infof("found matching Disk with name: %q", *d.Name)
@ -88,7 +88,7 @@ func (d *Disk) Find(c *fi.Context) (*Disk, error) {
tags, err := cloud.GetTags(fi.StringValue(actual.DiskId), DiskResource)
if err != nil {
glog.V(4).Info("Error getting tags on resourceId:%q", *actual.DiskId)
glog.V(4).Infof("Error getting tags on resourceId:%q", *actual.DiskId)
}
actual.Tags = tags
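Review bot: When `cloud.GetTags` fails, the second hunk logs at `V(4)` without the error value and then falls through to `actual.Tags = tags`, so a failed lookup is indistinguishable from a disk with no tags and is invisible at normal verbosity. I would include the error and raise the level, `glog.Warningf("error getting tags on resourceId %q: %v", fi.StringValue(actual.DiskId), err)`, or return the error if callers compare `Tags` against the desired state. The current line also dereferences `*actual.DiskId` directly while the call above it goes through `fi.StringValue`, so a nil id would panic only on this error path. `Find` starts and ends outside these hunks, so how `Tags` is used afterwards is not visible here.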


@ -29,7 +29,7 @@ import (
// JSON marshalling boilerplate
type realDisk Disk
// UnmarshalJSON implements conversion to JSON, supporitng an alternate specification of the object as a string
// UnmarshalJSON implements conversion to JSON, supporting an alternate specification of the object as a string
func (o *Disk) UnmarshalJSON(data []byte) error {
var jsonName string
if err := json.Unmarshal(data, &jsonName); err == nil {


@ -86,7 +86,7 @@ func (l *LaunchConfiguration) Find(c *fi.Context) (*LaunchConfiguration, error)
return nil, nil
}
if len(configList) > 1 {
glog.V(4).Info("The number of specified ScalingConfigurations with the same name and ScalingGroupId exceeds 1, diskName:%q", *l.Name)
glog.V(4).Infof("The number of specified ScalingConfigurations with the same name and ScalingGroupId exceeds 1, diskName:%q", *l.Name)
}
glog.V(2).Infof("found matching LaunchConfiguration: %q", *l.Name)
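Review bot: The corrected message still labels its argument `diskName:%q` although it prints `*l.Name`, the launch configuration's name, which will mislead anyone grepping logs for disk problems. The same copied label is in the ScalingGroup `Find` hunk later in this commit. Since the line is being touched anyway, I would change the label in both places, for example `..., launchConfigurationName:%q", *l.Name)` here and `scalingGroupName:%q` there. `Find` continues outside the hunk.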


@ -29,7 +29,7 @@ import (
// JSON marshalling boilerplate
type realLaunchConfiguration LaunchConfiguration
// UnmarshalJSON implements conversion to JSON, supporitng an alternate specification of the object as a string
// UnmarshalJSON implements conversion to JSON, supporting an alternate specification of the object as a string
func (o *LaunchConfiguration) UnmarshalJSON(data []byte) error {
var jsonName string
if err := json.Unmarshal(data, &jsonName); err == nil {


@ -68,7 +68,7 @@ func (l *LoadBalancer) Find(c *fi.Context) (*LoadBalancer, error) {
return nil, nil
}
if len(responseLoadBalancers) > 1 {
glog.V(4).Info("The number of specified loadbalancer with the same name exceeds 1, loadbalancerName:%q", *l.Name)
glog.V(4).Infof("The number of specified loadbalancer with the same name exceeds 1, loadbalancerName:%q", *l.Name)
}
glog.V(2).Infof("found matching LoadBalancer: %q", *l.Name)
@ -122,7 +122,7 @@ func (l *LoadBalancer) FindIPAddress(context *fi.Context) (*string, error) {
return nil, nil
}
if len(responseLoadBalancers) > 1 {
glog.V(4).Info("The number of specified loadbalancer with the same name exceeds 1, loadbalancerName:%q", *l.Name)
glog.V(4).Infof("The number of specified loadbalancer with the same name exceeds 1, loadbalancerName:%q", *l.Name)
}
address := responseLoadBalancers[0].Address
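Review bot: In both hunks a name matching more than one load balancer is reported only at `V(4)`, and the second hunk then reads `responseLoadBalancers[0].Address` regardless, so with duplicate names the task silently uses whichever entry the API returned first. For a tool that reconciles and deletes cloud resources, acting on an arbitrary match risks touching a load balancer that does not belong to this cluster. I would log at warning level at minimum, or refuse to continue: `return nil, fmt.Errorf("found %d load balancers named %q", len(responseLoadBalancers), *l.Name)`. Both functions continue outside the hunks, and whether `fmt` is already imported in this file is not visible.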


@ -29,7 +29,7 @@ import (
// JSON marshalling boilerplate
type realLoadBalancer LoadBalancer
// UnmarshalJSON implements conversion to JSON, supporitng an alternate specification of the object as a string
// UnmarshalJSON implements conversion to JSON, supporting an alternate specification of the object as a string
func (o *LoadBalancer) UnmarshalJSON(data []byte) error {
var jsonName string
if err := json.Unmarshal(data, &jsonName); err == nil {


@ -29,7 +29,7 @@ import (
// JSON marshalling boilerplate
type realLoadBalancerListener LoadBalancerListener
// UnmarshalJSON implements conversion to JSON, supporitng an alternate specification of the object as a string
// UnmarshalJSON implements conversion to JSON, supporting an alternate specification of the object as a string
func (o *LoadBalancerListener) UnmarshalJSON(data []byte) error {
var jsonName string
if err := json.Unmarshal(data, &jsonName); err == nil {


@ -29,7 +29,7 @@ import (
// JSON marshalling boilerplate
type realLoadBalancerWhiteList LoadBalancerWhiteList
// UnmarshalJSON implements conversion to JSON, supporitng an alternate specification of the object as a string
// UnmarshalJSON implements conversion to JSON, supporting an alternate specification of the object as a string
func (o *LoadBalancerWhiteList) UnmarshalJSON(data []byte) error {
var jsonName string
if err := json.Unmarshal(data, &jsonName); err == nil {


@ -29,7 +29,7 @@ import (
// JSON marshalling boilerplate
type realRAMPolicy RAMPolicy
// UnmarshalJSON implements conversion to JSON, supporitng an alternate specification of the object as a string
// UnmarshalJSON implements conversion to JSON, supporting an alternate specification of the object as a string
func (o *RAMPolicy) UnmarshalJSON(data []byte) error {
var jsonName string
if err := json.Unmarshal(data, &jsonName); err == nil {


@ -29,7 +29,7 @@ import (
// JSON marshalling boilerplate
type realRAMRole RAMRole
// UnmarshalJSON implements conversion to JSON, supporitng an alternate specification of the object as a string
// UnmarshalJSON implements conversion to JSON, supporting an alternate specification of the object as a string
func (o *RAMRole) UnmarshalJSON(data []byte) error {
var jsonName string
if err := json.Unmarshal(data, &jsonName); err == nil {


@ -68,7 +68,7 @@ func (s *ScalingGroup) Find(c *fi.Context) (*ScalingGroup, error) {
}
if len(groupList) > 1 {
glog.V(4).Info("The number of specified scalingGroup with the same name and ClusterTags exceeds 1, diskName:%q", *s.Name)
glog.V(4).Infof("The number of specified scalingGroup with the same name and ClusterTags exceeds 1, diskName:%q", *s.Name)
}
glog.V(2).Infof("found matching ScalingGroup with Name: %q", *s.Name)


@ -29,7 +29,7 @@ import (
// JSON marshalling boilerplate
type realScalingGroup ScalingGroup
// UnmarshalJSON implements conversion to JSON, supporitng an alternate specification of the object as a string
// UnmarshalJSON implements conversion to JSON, supporting an alternate specification of the object as a string
func (o *ScalingGroup) UnmarshalJSON(data []byte) error {
var jsonName string
if err := json.Unmarshal(data, &jsonName); err == nil {


@ -29,7 +29,7 @@ import (
// JSON marshalling boilerplate
type realSecurityGroup SecurityGroup
// UnmarshalJSON implements conversion to JSON, supporitng an alternate specification of the object as a string
// UnmarshalJSON implements conversion to JSON, supporting an alternate specification of the object as a string
func (o *SecurityGroup) UnmarshalJSON(data []byte) error {
var jsonName string
if err := json.Unmarshal(data, &jsonName); err == nil {
